Validate against common attacks

[domoritz]

It would be great if this implementation was validated against many possible attacks. https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet is a good starting point.

[crookedneighbor]

Hey @domoritz, this module is mainly for sanitizing urls before the get injected into the DOM as part of a link or button, not general xss sanitization.

If you think we've missed something, you can raise a specific issue.

Also, we'll happily review a pull request!