bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
BSD 3-Clause "New" or "Revised" License
3.08k
stars
178
forks
source link
multiple matching global matchers can cause duplicated attributes #208
Closed
rmmh closed 1 week ago
Surprisingly outputs
<span title="a" title="a">b</span>
. Changing the second AllowAttrs to end with.MatchElements("span")
fixes it.