The "Sanitizer: Validating that <meta> and <link> work, but only for Microdata" test case expects that:
<link itemprop="hello" href="{{SERVER}}">
is expanded to
<link itemprop="hello" href="http://example.org" />
but that
<link rel="stylesheet" href="{{SERVER}}">
is sanitized to
<link rel="stylesheet" href="<a rel="nofollow" class="external free" href="http://example.org">http://example.org</a>">
We currently render these as:
<link itemprop="hello" href="{{SERVER}}">
<link rel="stylesheet" itemprop="hello" href="{{SERVER}}">
That is, the sanitizer is breaking metadata in the first example (which it
shouldn't) and {{SERVER}} isn't being expanded in either.
Version: unspecified
Severity: normal