From e09a8353d245413adf5a68ded4154e16b0df007d Mon Sep 17 00:00:00 2001
From: Jason Streifling <jason@streifling.com>
Date: Sat, 8 Mar 2025 10:35:04 +0100
Subject: [PATCH] Allow HTML header attributes in sanitizer

---
 cmd/backend/markdown.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/backend/markdown.go b/cmd/backend/markdown.go
index 1d3f508..1e49b69 100644
--- a/cmd/backend/markdown.go
+++ b/cmd/backend/markdown.go
@@ -31,6 +31,7 @@ func ConvertToHTML(md string) (string, error) {
 	}
 
 	p := bluemonday.UGCPolicy()
+	p.AllowAttrs("id").OnElements("h1", "h2", "h3", "h4", "h5", "h6")
 	html := p.Sanitize(buf.String())
 
 	return html, nil