HTML like [xss](http://"><a onmouseover=prompt(document.domain)>xss</a>)
or like '[xss](http://"><img src=x onerror=alert(document.cookie)>)'
will end up getting parsed incorrectly and the embedded JS will run.
I've isolated this to the RelativeLinkRewriter class and how it uses BeautifulSoup, which doesn't handle the incoming HTML (which is like <a class="" href='http://"><img src=x onerror=alert(document.cookie)>'>xss</a> at this point). BeautifulSoup 4 does handle that correctly.
Fix on db/7947 (also a forge-classic branch)
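
A regression check for the behaviour described above, added here as an example and not taken from the project's fix: a link rewriter that parses with Python's standard `html.parser` and re-serializes every attribute value escaped, run on the intermediate HTML quoted in the ticket. The `LinkRewriter` class, `rewrite` and `tags_in` helpers and the `example.invalid` base URL are hypothetical; the sketch handles only tags and text.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin

# Intermediate HTML quoted in the ticket: a single-quoted href containing `">`.
TICKET_HTML = '''<a class="" href='http://"><img src=x onerror=alert(document.cookie)>'>xss</a>'''

class LinkRewriter(HTMLParser):
    """Hypothetical rewriter: resolves relative hrefs against `base` and
    writes every attribute back double-quoted and HTML-escaped."""
    def __init__(self, base):
        super().__init__(convert_charrefs=True)
        self.base, self.out = base, []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if value is None:              # valueless attribute, e.g. `disabled`
                parts.append(name)
                continue
            if tag == "a" and name == "href":
                value = urljoin(self.base, value)
            # Escaping here keeps `"` and `>` inside the attribute value.
            parts.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s>" % " ".join(parts))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)   # void element: no closing tag

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def rewrite(html, base):
    parser = LinkRewriter(base)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

def tags_in(html):
    """Re-parse `html` and return the names of every start tag it contains."""
    found = []
    class Collector(HTMLParser):
        def handle_starttag(self, tag, attrs):
            found.append(tag)
    collector = Collector()
    collector.feed(html)
    collector.close()
    return found
```
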