Added HTML sanitizer

cmd/articles/markdown.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 
+	"github.com/microcosm-cc/bluemonday"
 	"github.com/yuin/goldmark"
 )
 
@@ -11,8 +12,11 @@ func ConvertToHTML(md string) (string, error) {
 	var buf bytes.Buffer
 
 	if err := goldmark.Convert([]byte(md), &buf); err != nil {
-		return "", fmt.Errorf("error: cmd/articles/markdown.go ConvertToHTML goldmark.Convert(): %v", err)
+		return "", fmt.Errorf("error converting markdown to html: %v", err)
 	}
 
-	return buf.String(), nil
+	p := bluemonday.UGCPolicy()
+	html := p.Sanitize(buf.String())
+
+	return html, nil
 }