From b1c8a1ceeb9f95182f345d9af2cd22b5b6ddae5c Mon Sep 17 00:00:00 2001 From: Yitzchak Gale Date: Tue, 26 Jun 2018 21:59:25 +0300 Subject: [PATCH] Use custom safe tags also for continuation. --- Text/HTML/SanitizeXSS.hs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Text/HTML/SanitizeXSS.hs b/Text/HTML/SanitizeXSS.hs index 4d4d446..8d5e445 100644 --- a/Text/HTML/SanitizeXSS.hs +++ b/Text/HTML/SanitizeXSS.hs @@ -34,7 +34,7 @@ import Network.URI ( parseURIReference, URI (..), isAllowedInURI, escapeURIString, uriScheme ) import Codec.Binary.UTF8.String ( encodeString ) -import Data.Maybe (catMaybes) +import Data.Maybe (mapMaybe) -- | Sanitize HTML to prevent XSS attacks. This is equivalent to @filterTags safeTags@. @@ -88,14 +88,14 @@ safeTags = mySafeTags safeTagName sanitizeAttribute mySafeTags :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) -> [Tag Text] -> [Tag Text] mySafeTags _ _ [] = [] -mySafeTags safeName _ (t@(TagClose name):tags) - | safeName name = t : safeTags tags - | otherwise = safeTags tags +mySafeTags safeName sanitizeAttr (t@(TagClose name):tags) + | safeName name = t : mySafeTags safeName sanitizeAttr tags + | otherwise = mySafeTags safeName sanitizeAttr tags mySafeTags safeName sanitizeAttr (TagOpen name attributes:tags) - | safeName name = TagOpen name - (catMaybes $ map sanitizeAttr attributes) : safeTags tags - | otherwise = safeTags tags -mySafeTags _ _ (t:tags) = t:safeTags tags + | safeName name = TagOpen name (mapMaybe sanitizeAttr attributes) : + mySafeTags safeName sanitizeAttr tags + | otherwise = mySafeTags safeName sanitizeAttr tags +mySafeTags n a (t:tags) = t : mySafeTags n a tags safeTagName :: Text -> Bool safeTagName tagname = tagname `member` sanitaryTags
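Review bot: In the `mySafeTags` hunk the caller's `safeName` and `sanitizeAttr` are still re-passed by hand at five recursive call sites, which is the shape that let the continuation fall back to the default `safeTags` in the first place; a per-tag worker run through `mapMaybe` would leave no recursive call to get wrong. The final equation also abbreviates the same two arguments to `n a` while the other equations spell them `safeName sanitizeAttr`. Because each tag is judged independently of its neighbours, the rewrite below should preserve behaviour, and it stays lazy in the tag list. The definition appears to lie wholly inside the hunk. A regression test that runs a custom tag predicate over a document with more than one tag, and checks that the later tags are filtered by the custom predicate rather than the default whitelist, would pin this fix.

```haskell
mySafeTags :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) -> [Tag Text] -> [Tag Text]
mySafeTags safeName sanitizeAttr = mapMaybe keep
  where
    -- Each tag is decided on its own; the custom predicates are closed over,
    -- so no call site can substitute the defaults.
    keep t@(TagClose name)
      | safeName name = Just t
      | otherwise     = Nothing
    keep (TagOpen name attributes)
      | safeName name = Just (TagOpen name (mapMaybe sanitizeAttr attributes))
      | otherwise     = Nothing
    keep t = Just t
```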