microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License
3.2k stars 175 forks source link

Resolves #56 strings.ToLower() results in false match #57

Closed grafana-dee closed 6 years ago

grafana-dee commented 6 years ago

Use of strings.ToLower() within the match for script or style handler for TextToken results in unsanitized content being printed.