
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

30 bluemonday issues

Due to https://github.com/golang/net/commit/06994584, HTML comments are escaped.

Sometimes it's desirable to disallow external resources (``, `background: url(…)`, etc.), to prevent sanitized HTML from "calling home" (triggering HTTP requests, e.g. using pixel images for tracking purposes). For instance...
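The check this request is asking for, written here as an added example in plain Go with only the standard library (it is not bluemonday's code and not the reporter's): a URL predicate that allows relative references and absolute http/https URLs on an allow-listed host, and rejects everything that would make the browser fetch from a third party. The function shape `func(*url.URL) bool` is chosen so that it could be handed to bluemonday's `AllowURLSchemeWithCustomPolicy` for each scheme you permit; that wiring is assumed, not shown, and the host list `cdn.example.org`, the tracker hostnames and the sample URLs are all constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ExternalResourcePolicy returns a URL policy that allows only same-site
// references: relative URLs (no scheme, no host, no userinfo) and absolute
// http/https URLs whose host is in allowedHosts. Anything that would make a
// browser fetch from a third party is rejected: absolute URLs to other hosts,
// protocol-relative "//host/...", and userinfo tricks such as
// "https://cdn.example.org@tracker.example.net/" whose real host is after "@".
// Hosts are compared case-insensitively with any :port stripped.
func ExternalResourcePolicy(allowedHosts []string) func(*url.URL) bool {
	allowed := make(map[string]bool, len(allowedHosts))
	for _, h := range allowedHosts {
		allowed[strings.ToLower(h)] = true
	}
	return func(u *url.URL) bool {
		if u == nil {
			return false
		}
		// Relative reference. "//host/path" parses with Host set, so it does
		// not take this branch and falls through to the scheme check below.
		if u.Scheme == "" && u.Host == "" && u.User == nil {
			return true
		}
		// Only plain web schemes may point off-site at all; this also drops
		// data:, javascript: and an empty scheme (protocol-relative URLs).
		// url.Parse already lower-cases the scheme.
		switch u.Scheme {
		case "http", "https":
		default:
			return false
		}
		// Userinfo is never needed for an image or stylesheet and is a
		// classic way to make a third-party host look like a trusted one.
		if u.User != nil {
			return false
		}
		return allowed[strings.ToLower(u.Hostname())]
	}
}

// CheckURL parses raw as an attribute value would be parsed and applies policy.
// A URL that does not parse is treated as disallowed.
func CheckURL(policy func(*url.URL) bool, raw string) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	return policy(u)
}

func main() {
	policy := ExternalResourcePolicy([]string{"cdn.example.org"})
	// Constructed sample inputs: one allowed host, several ways of phoning home.
	for _, raw := range []string{
		"/static/logo.png",
		"https://cdn.example.org/logo.png",
		"HTTPS://CDN.example.org:443/logo.png",
		"https://tracker.example.net/pixel.gif?id=42",
		"//tracker.example.net/pixel.gif",
		"https://cdn.example.org@tracker.example.net/p.gif",
		"data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==",
		"javascript:alert(1)",
	} {
		fmt.Printf("%-70s allow=%v\n", raw, CheckURL(policy, raw))
	}
}
```

The predicate only covers URL-valued attributes such as `src` and `href`; `background: url(…)` inside a `style` attribute is CSS and has to be handled by whatever style sanitization the policy applies, which this example does not touch. `data:` URIs do not trigger a request, so a deployment that wants inline images can add `"data"` to the scheme switch; they are rejected here to keep the allow list strict by default.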

Allows a chain of TokenReaders to manipulate the `html.Token` stream prior to bluemonday sanitizing it. Closes #58

Following on from #43 / #44, I've implemented a policy type and builder for style policies, following the same pattern as attribute policies. That means that you can whitelist individual...

douceur already supports parsing full CSS stylesheets. Would you accept a patch sanitizing `` elements' content in addition to `style` attributes?

`bluemonday.StrictPolicy().Sanitize("a

Hey. We are using the bluemonday library in a new project and in some cases I need to save the string with character entities (&nbsp;, &lt;, &gt;...). But, after sanitizing some examples...

https://staticcheck.io/docs/checks#SA6005 In file sanitize.go: `if strings.ToLower(straw) == strings.ToLower(needle) {` should be `strings.EqualFold(straw, needle)` or, even better, compile a regexp literal for needle and use it for the entire loop.

Per the bluemonday docs: > We are not yet including any tools to help whitelist and sanitize CSS. Which means that unless you wish to do the heavy lifting in...

I'd like bluemonday to add `referrerpolicy="no-referrer"` to all `img` tags, but I don't see a way to do that with the current API. Maybe we could get an API like...