Closed platinummonkey closed 5 years ago
This fixes URL sanitization when there are more than one query parameter.
This goes deep into how token.String() works -- on html.StartTagToken tokens like a for example, include linkable attributes (href for example).
token.String()
html.StartTagToken
a
href
Explicitly https://github.com/golang/net/blob/master/html/token.go#L100 token.String() escapes all & ampersands regardless of location. Since & is a valid query parameter delimiter we need to treat this case specifically.
&
fixes #88
Many thanks for the PR :hugs:
buro9
commented
5 years ago buro9
commented
5 years ago
This fixes URL sanitization when there are more than one query parameter.
This goes deep into how
token.String()works -- onhtml.StartTagTokentokens likeafor example, include linkable attributes (hreffor example).Explicitly https://github.com/golang/net/blob/master/html/token.go#L100
token.String()escapes all&ersands regardless of location. Since&is a valid query parameter delimiter we need to treat this case specifically.fixes #88