From 7cee227b4a92e309127e315afa0b153934f6b6a4 Mon Sep 17 00:00:00 2001
From: Kirill Danshin
Date: Thu, 19 Jan 2017 18:31:17 +0300
Subject: [PATCH] sanitize markdown
---
 repo.go | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/repo.go b/repo.go
index 9c53515c..40d9bec0 100644
--- a/repo.go
+++ b/repo.go
@@ -8,6 +8,7 @@ import (
 "text/template"
 "github.com/gorilla/mux"
+ "github.com/microcosm-cc/bluemonday"
 "github.com/russross/blackfriday"
 )
@@ -59,14 +60,16 @@ func generateHTML() {
 input, _ := ioutil.ReadFile(readmePath)
 body := string(
- blackfriday.Markdown(
- input,
- blackfriday.HtmlRenderer(
- bfHTMLRendererOpts,
- emtyStr,
- emtyStr,
+ bluemonday.UGCPolicy().SanitizeBytes(
+ blackfriday.Markdown(
+ input,
+ blackfriday.HtmlRenderer(
+ bfHTMLRendererOpts,
+ emtyStr,
+ emtyStr,
+ ),
+ bfMDOpts,
 ),
- bfMDOpts,
 ),
 )
 c := &content{Body: body}
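Review bot: In `generateHTML`, `bluemonday.UGCPolicy()` is rebuilt on every call, and nothing marks `SanitizeBytes` as the step that must stay outermost around the rendered Markdown. I would hoist the policy to a package-level `var readmePolicy = bluemonday.UGCPolicy()` and add a comment such as `// sanitize after rendering: README content is untrusted and text/template does not escape`. The import block in the first hunk shows `text/template`, so this call is presumably the only XSS defence for `Body`; any other `content` field filled from repository data (not visible here) would still reach the page unescaped and is worth checking. The context line `input, _ := ioutil.ReadFile(readmePath)` still discards the read error, so an unreadable README silently renders as an empty body. `generateHTML` starts and ends outside the hunk.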