Michael Ganss
This seems to be an issue within AngleSharp.Css. I've submitted an issue here: https://github.com/AngleSharp/AngleSharp.Css/issues/100
AngleSharp.Css does not keep comments in its object model after parsing. AFAICT this is in accordance with the CSSOM spec but I have opened an issue nonetheless: https://github.com/AngleSharp/AngleSharp.Css/issues/99
You'll have to use events:

```c#
sanitizer.RemovingTag += (s, e) => e.Cancel = e.Tag is AngleSharp.Svg.Dom.SvgElement;
sanitizer.RemovingAttribute += (s, e) => e.Cancel = e.Tag is AngleSharp.Svg.Dom.SvgElement;
```
If you want to keep the event-based approach allowing all SVG elements and their attributes, you'll have to implement your own logic. Something like this: ```c# sanitizer.RemovingAttribute += (s, e)...
So users should be allowed to enter SVG?
If user entered SVG is really a possible source of XSS then it's probably best to compile a list of elements and attributes you want to allow and add these...
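As an added example (not from the original comments or from HtmlSanitizer itself), this is what the allow-list approach described above could look like using HtmlSanitizer's `AllowedTags` and `AllowedAttributes`; the chosen SVG element and attribute names are assumptions for illustration, and the `Ganss.Xss` namespace assumes a recent version of the library.

```csharp
using System;
using Ganss.Xss;

class SvgAllowListDemo
{
    // Build a sanitizer that permits a small, explicit set of SVG elements and
    // attributes (constructed for illustration) rather than allowing all SVG.
    static HtmlSanitizer CreateSvgSanitizer()
    {
        var sanitizer = new HtmlSanitizer();

        // Elements needed for simple vector drawings; script, foreignObject,
        // use and similar elements are deliberately left out.
        foreach (var tag in new[] { "svg", "g", "path", "circle", "rect", "line", "text" })
            sanitizer.AllowedTags.Add(tag);

        // Geometry and presentation attributes only: no on* event handlers and
        // no href, so external references and handlers stay blocked.
        foreach (var attr in new[] { "viewBox", "xmlns", "width", "height", "d",
                                      "cx", "cy", "r", "x", "y", "x1", "y1", "x2", "y2",
                                      "fill", "stroke", "stroke-width", "transform" })
            sanitizer.AllowedAttributes.Add(attr);

        return sanitizer;
    }

    static string SanitizeSvg(string input) => CreateSvgSanitizer().Sanitize(input);

    static void Main()
    {
        // Constructed sample: a benign drawing plus a script element and an
        // onload handler, neither of which is on the allow list.
        var input = "<svg viewBox=\"0 0 10 10\" onload=\"alert(1)\">" +
                    "<script>alert(1)</script>" +
                    "<circle cx=\"5\" cy=\"5\" r=\"4\" fill=\"red\"/></svg>";

        // The script element and the onload attribute are dropped because they
        // are not in AllowedTags/AllowedAttributes; the circle is kept.
        Console.WriteLine(SanitizeSvg(input));
    }
}
```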
So the input is this?

```html
>
```

I'm getting this as output:

```html
><%00img src=1 onerror=alert(1)>
```

Do you expect a different output?
I don't understand where the possible attack vector is here. After sanitizing, there aren't even angle brackets anymore.
I took the liberty of adding [code formatting](https://docs.github.com/en/github/writing-on-github/basic-writing-and-formatting-syntax#quoting-code) to your inline examples. I'm still confused as to what the actual issue and goals are. Where exactly does the null byte...
In the first example, the `th` is not stripped by the sanitizer but by the HTML parser because it's invalid HTML. This has nothing to do with document vs. fragment,...