Incorrect escaping for inline svg+xml data image
brsyuksel opened this issue · 0 comments
brsyuksel commented
HtmlSanitizer encodes the given input to <img src="data:image/svg+xml" /> that should be <img src="data:image/svg+xml" />
Since svg+xml is not recognizable mimetype for browsers, they are just ignored.