bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
BSD 3-Clause "New" or "Revised" License
URLs with multiple query parameters escape the `&` delimiter incorrectly #88
Closed
platinummonkey closed 5 years ago
Example: the following test case exists, which tests 1 query parameter
Add the following test case to produce a failure with more than one query parameter.
The result would be
`<a href="?q=1&r=2" rel="nofollow">`
which breaks the queries.
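
As an added example (not part of the original issue and not bluemonday's own code), the Go sketch below reads an anchor like the one reported here the way an HTML parser does, decoding character references in the attribute value before the URL is used. It assumes the sanitizer output carries the delimiter as `&amp;`, as the issue title suggests; `hrefValue`, `queryAsBrowser` and `sameHref` are hypothetical helpers and the sample tags are constructed.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"strings"
)

// hrefValue returns the raw, still entity-encoded value of the first
// double-quoted href attribute in tag, or "" if none is found.
func hrefValue(tag string) string {
	const marker = `href="`
	i := strings.Index(tag, marker)
	if i < 0 {
		return ""
	}
	rest := tag[i+len(marker):]
	j := strings.IndexByte(rest, '"')
	if j < 0 {
		return ""
	}
	return rest[:j]
}

// queryAsBrowser decodes character references in the href, as an HTML
// parser does for attribute values, and then parses the query string.
func queryAsBrowser(tag string) (url.Values, error) {
	u, err := url.Parse(html.UnescapeString(hrefValue(tag)))
	if err != nil {
		return nil, err
	}
	return url.ParseQuery(u.RawQuery)
}

// sameHref compares two anchors by decoded URL instead of by raw bytes.
func sameHref(a, b string) bool {
	return html.UnescapeString(hrefValue(a)) == html.UnescapeString(hrefValue(b))
}

func main() {
	// Constructed samples: delimiter escaped as &amp; and left raw.
	escaped := `<a href="?q=1&amp;r=2" rel="nofollow">`
	raw := `<a href="?q=1&r=2" rel="nofollow">`
	v, err := queryAsBrowser(escaped)
	fmt.Println(hrefValue(escaped), v, err)
	fmt.Println(escaped == raw, sameHref(escaped, raw))
}
```

A test that compares sanitizer output byte for byte sees the two samples as different, while a comparison on the decoded href treats them as the same link.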