bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
BSD 3-Clause "New" or "Revised" License
3.14k
stars
176
forks
source link
Add address to DefaultElementsWithoutAttrs #69
Closed
Mungrel closed 6 years ago
The
address
tag without attributes is safe. And we found in production that it was being stripped despite being present in theAllowElements
list.