From ebfe01069c9a7a7141acd17567fa6fd786578967 Mon Sep 17 00:00:00 2001
From: Jason Streifling
Date: Thu, 22 Feb 2024 15:22:45 +0100
Subject: [PATCH] Added HTML sanitizer
---
 cmd/articles/markdown.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/cmd/articles/markdown.go b/cmd/articles/markdown.go
index fd7d740..e358f5f 100644
--- a/cmd/articles/markdown.go
+++ b/cmd/articles/markdown.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "fmt"
+ "github.com/microcosm-cc/bluemonday"
 "github.com/yuin/goldmark"
 )
@@ -11,8 +12,11 @@ func ConvertToHTML(md string) (string, error) {
 var buf bytes.Buffer
 if err := goldmark.Convert([]byte(md), &buf); err != nil {
- return "", fmt.Errorf("error: cmd/articles/markdown.go ConvertToHTML goldmark.Convert(): %v", err)
+ return "", fmt.Errorf("error converting markdown to html: %v", err)
 }
- return buf.String(), nil
+ p := bluemonday.UGCPolicy()
+ html := p.Sanitize(buf.String())
+
+ return html, nil
 }
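Review bot: The new import of `github.com/microcosm-cc/bluemonday` arrives in a commit whose diffstat lists only cmd/articles/markdown.go, so unless the module was already required elsewhere, go.mod and go.sum need the matching entries in this same commit for the tree to build. Recording the version and checksum alongside the import also lets a later reader see which sanitizer release the output guarantee rests on.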
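Review bot: `bluemonday.UGCPolicy()` is rebuilt on every call to ConvertToHTML, although a policy can be built once and shared between goroutines as long as it is not modified afterwards; a package-level `var ugcPolicy = bluemonday.UGCPolicy()` with `return ugcPolicy.Sanitize(buf.String()), nil` removes the per-call setup and the local `html`. Sanitizing the rendered output rather than the Markdown input is the right order and should stay that way. No doc comment is visible for the exported function (its signature appears only in the hunk header); something like `// ConvertToHTML renders md with goldmark and returns the result sanitized with bluemonday's UGC policy, intended for use as HTML element content.` would tell callers what guarantee they get and where it stops. The rewritten error still wraps with `%v`, so `%w` would keep the goldmark error reachable through errors.Is and errors.As.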