Extract HTML sanitizer to its own file

author: Simon Ser <[email protected]> 2020-01-08 14:25:46 +0100
committer: Simon Ser <[email protected]> 2020-01-20 16:20:16 +0100
commit: 8d248bc32fa18e4bc9c26fabf603fdaadc45963c (patch)
tree: cd2aa12bdecc6755f08ffc54275f5266d0212d30 /plugins/base/sanitize_html.go
parent: d745f98bb7e77e9a1841ca9f5b7c9a6046c3b794 (diff)
download: alps-8d248bc32fa18e4bc9c26fabf603fdaadc45963c.tar.gz
alps-8d248bc32fa18e4bc9c26fabf603fdaadc45963c.tar.bz2
alps-8d248bc32fa18e4bc9c26fabf603fdaadc45963c.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/plugins/base/sanitize_html.go b/plugins/base/sanitize_html.go
new file mode 100644
index 0000000..f48ef4a
--- /dev/null
+++ b/plugins/base/sanitize_html.go
@@ -0,0 +1,18 @@
+package koushinbase
+
+import (
+	"github.com/microcosm-cc/bluemonday"
+)
+
+func sanitizeHTML(b string) string {
+	p := bluemonday.UGCPolicy()
+
+	// TODO: be more strict
+	p.AllowElements("style")
+	p.AllowAttrs("style")
+
+	p.AddTargetBlankToFullyQualifiedLinks(true)
+	p.RequireNoFollowOnLinks(true)
+
+	return p.Sanitize(b)
+}
author	Simon Ser <[email protected]>	2020-01-08 14:25:46 +0100
committer	Simon Ser <[email protected]>	2020-01-20 16:20:16 +0100
commit	8d248bc32fa18e4bc9c26fabf603fdaadc45963c (patch)
tree	cd2aa12bdecc6755f08ffc54275f5266d0212d30 /plugins/base/sanitize_html.go
parent	d745f98bb7e77e9a1841ca9f5b7c9a6046c3b794 (diff)
download	alps-8d248bc32fa18e4bc9c26fabf603fdaadc45963c.tar.gz alps-8d248bc32fa18e4bc9c26fabf603fdaadc45963c.tar.bz2 alps-8d248bc32fa18e4bc9c26fabf603fdaadc45963c.zip