Tags · doytsujin/bluemonday

v1.0.15

Fix escaping of HTML attributes

The escaping of attributes should have been handled according to
https://html.spec.whatwg.org/multipage/parsing.html#escapingString
and as it was not, it allowed the possibility of an XSS by overloading
a known attribute like the href. This can be seen in the test within
this commit and is recognised as a vulnerability that existed prior
to this commit.

Additional update to the versions of modules we depend upon

Jul 7, 2021
f0057e2
zip
tar.gz

v1.0.14

Allow the last commit to work on old go versions

Also tidy up some comments

Jun 17, 2021
5117f95
zip
tar.gz

v1.0.13

Merge pull request microcosm-cc#125 from KN4CK3R/additive-policies

Additive policies

Jun 16, 2021
7f2aa2d
zip
tar.gz

v1.0.12

Merge pull request microcosm-cc#124 from microcosm-cc/buro9/reorg

Minor re-org to improve documentation readability

Jun 16, 2021
75e91cc
zip
tar.gz

v1.0.11

Better support for linkable elements that aren't by default safe

Jun 12, 2021
cb61469
zip
tar.gz

v1.0.10

Merge pull request microcosm-cc#121 from microcosm-cc/buro9/95

Resolves microcosm-cc#95 by allowing HTML comments

Jun 10, 2021
aea9941
zip
tar.gz

v1.0.9

Add test for quotes to prevent regression on the ASCII SCRIPT issue

Apr 23, 2021
aed0bc8
zip
tar.gz

v1.0.8

Update .travis.yml

Expand to include newer versions of Go

Apr 13, 2021
487bf2c
zip
tar.gz

v1.0.7

Merge pull request microcosm-cc#115 from zeripath/empty-query-keys

Sanitize should not add forcibly add values to query components

Apr 9, 2021
9de6a94
zip
tar.gz

v1.0.6

Clarify version of douceur

Apr 5, 2021
9a8234b
zip
tar.gz

PreviousNext

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v1.0.15

v1.0.14

v1.0.13

v1.0.12

v1.0.11

v1.0.10

v1.0.9

v1.0.8

v1.0.7

v1.0.6

Tags: doytsujin/bluemonday