HtmlSanitizer

Sanitizer does not handle certain html string

Open • deepakageeru opened this issue 7 months ago • 1 comment

```csharp
using System;
using Ganss.Xss;

var sanitizer = new HtmlSanitizer();
var html = @"<<img>svg onload=alert(document.domain)>";
var sanitized = sanitizer.Sanitize(html, "http://www.example.com");
Console.WriteLine(sanitized); // returns "&lt;<img>svg onload=alert(document.domain)&gt;"
```


deepakageeru, Jun 04 '25 21:06

Looks fine to me at first glance. What output do you expect?

mganss, Jun 05 '25 07:06