Added HTML sanitizer

2024-02-22 15:22:45 +01:00 · 2024-02-22 15:22:45 +01:00 · 6e91253908
commit 6e91253908
parent 9bb6010319
1 changed files with 6 additions and 2 deletions
--- a/cmd/articles/markdown.go
+++ b/cmd/articles/markdown.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"

+	"github.com/microcosm-cc/bluemonday"
 	"github.com/yuin/goldmark"
 )

@ -11,8 +12,11 @@ func ConvertToHTML(md string) (string, error) {
 	var buf bytes.Buffer

 	if err := goldmark.Convert([]byte(md), &buf); err != nil {
-		return "", fmt.Errorf("error: cmd/articles/markdown.go ConvertToHTML goldmark.Convert(): %v", err)
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
 	}

-	return buf.String(), nil
+	p := bluemonday.UGCPolicy()
+	html := p.Sanitize(buf.String())
+
+	return html, nil
 }