aljaz/njump
1
0
Fork 0
mirror of https://github.com/aljazceru/njump.git synced 2025-12-18 06:44:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

move sanitizeXSS() to markdown.go

Browse Source
This commit is contained in:
fiatjaf
2025-01-14 00:30:56 -03:00
committed by dtonon
parent 644bc48947
commit ca21f46a20
2 changed files with 10 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
markdown.go
View File

@@ -9,6 +9,7 @@ import (
"github.com/gomarkdown/markdown/ast"
"github.com/gomarkdown/markdown/html"
"github.com/gomarkdown/markdown/parser"
"github.com/microcosm-cc/bluemonday"
)
var mdrenderer = html.NewRenderer(html.RendererOptions{
@@ -82,3 +83,12 @@ func mdToHTML(md string, usingTelegramInstantView bool) string {
return output
}
func sanitizeXSS(html string) string {
p := bluemonday.UGCPolicy()
p.RequireNoFollowOnLinks(false)
p.AllowElements("video", "source")
p.AllowAttrs("controls", "width").OnElements("video")
p.AllowAttrs("src", "width").OnElements("source")
return p.Sanitize(html)
}

11
utils.go
View File

@@ -14,7 +14,6 @@ import (
"sync"
"time"
"github.com/microcosm-cc/bluemonday"
"github.com/puzpuzpuz/xsync/v3"
"mvdan.cc/xurls/v2"
@@ -339,16 +338,6 @@ func linkQuotes(input string) string {
})
}
func sanitizeXSS(html string) string {
p := bluemonday.UGCPolicy()
p.AllowStyling()
p.RequireNoFollowOnLinks(false)
p.AllowElements("video", "source")
p.AllowAttrs("controls", "width").OnElements("video")
p.AllowAttrs("src", "width").OnElements("source")
return p.Sanitize(html)
}
func basicFormatting(input string, skipNostrEventLinks bool, usingTelegramInstantView bool, skipLinks bool) string {
nostrMatcher := nostrEveryMatcher
if skipNostrEventLinks {