Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-24 15:49:44 +02:00
Code Releases Activity

Sanitize HTML in Markdown sections

Browse source
This commit is contained in:
sauls8t 2019-11-19 11:47:51 +00:00
parent 6882491201
commit a4384210d4
3 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
domain/section/markdown/markdown.go
View file

@ -18,6 +18,7 @@ import (
"github.com/documize/community/core/env"
"github.com/documize/community/domain/section/provider"
"github.com/documize/community/domain/store"
"github.com/microcosm-cc/bluemonday"
)
// Provider represents Markdown
@ -47,9 +48,11 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R
// Render converts markdown data into HTML suitable for browser rendering.
func (*Provider) Render(ctx *provider.Context, config, data string) string {
result := blackfriday.Run([]byte(data))
unsafe := blackfriday.Run([]byte(data))
return string(result)
safe := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
return string(safe)
}
// Refresh just sends back data as-is.