bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
BSD 3-Clause "New" or "Revised" License
3.14k
stars
176
forks
source link
A tag unnormal output #63
Closed
aimuz closed 6 years ago
<a href="http://www.google.com/" onmouseover="alert('XSS2')">XSS<a>
ouput<a href="http://www.google.com/" rel="nofollow">XSS