Require referrerpolicy="no-referrer" on images?

microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

https://github.com/microcosm-cc/bluemonday

BSD 3-Clause "New" or "Revised" License

3.14k stars 176 forks source link

Require referrerpolicy="no-referrer" on images? #78

Open alltom opened 5 years ago

alltom commented 5 years ago

I'd like bluemonday to add referrerpolicy="no-referrer" to all img tags, but I don't see a way to do that with the current API. Maybe we could get an API like RequireReferrerPolicyOnImages(policy ReferrerPolicy)?

The referrerpolicy attribute is experimental but has decent support.

buro9 commented 5 years ago

A good proposal, I'll get something done for this soon.