Handle rare quotes

Fix #8

src/mjs/sanitizer.js

@@ -20,7 +20,7 @@ const REG_END_NUM = /(?:#|%23)$/;
 const REG_END_QUEST = /(?<!(?:#|%23).*)(?:\?|%3F)$/;
 const REG_HTML_SP = /[<>"'\s]/g;
 const REG_HTML_URL_ENC = /%(?:2(?:2|7)|3(?:C|E))/g;
-const REG_HTML_URL_ENC_SHORT = /%(?:2(?:2|7)|3(?:C|E))+?/;
+const REG_HTML_URL_ENC_SHORT = /(?:%(?:2(?:2|7)|3(?:C|E))+?|["'])/;
 const REG_MIME_DOM =
   /^(?:text\/(?:ht|x)ml|application\/(?:xhtml\+)?xml|image\/svg\+xml)/;
 const REG_SCRIPT_BLOB = /(?:java|vb)script|blob/;
@@ -280,7 +280,6 @@ export class URLSanitizer extends URISchemes {
         } else {
           finalize = true;
         }
-        console.log(`isDataUrl: ${isDataUrl}, remove ${remove}, url: ${urlToSanitize}`)
         if (!isDataUrl && remove &&
             REG_HTML_URL_ENC_SHORT.test(urlToSanitize)) {
           const item = REG_HTML_URL_ENC_SHORT.exec(urlToSanitize);

test/sanitizer.test.js

@@ -1294,7 +1294,7 @@ describe('sanitizer', () => {
           'decoded');
       });
 
-      it('FIXME: should get sanitized value', async () => {
+      it('should get sanitized value', async () => {
         const url = 'https://example.com/"quoted"';
         const res = await func(url, {
           allow: ['data', 'file'],
@@ -1303,14 +1303,13 @@ describe('sanitizer', () => {
         assert.strictEqual(res, 'https://example.com/', 'result');
       });
 
-      it('FIXME: should get sanitized value', async () => {
+      it('should get sanitized value', async () => {
         const url = "https://example.com/'quoted'";
         const res = await func(url, {
           allow: ['data', 'file'],
           remove: true
         });
-        assert.strictEqual(res, 'https://example.com/%26%2339;quoted%26%2339;',
-          'result');
+        assert.strictEqual(res, 'https://example.com/', 'result');
       });
 
       it('should get sanitized value', async () => {