Link hashtag bug (#121)

* link + hashtag bug

* remove printlns

* tidy up some duplicated code
This commit is contained in:
Tobi Smethurst
2021-07-29 13:18:22 +02:00
committed by GitHub
parent ea8ad8b346
commit a940a520d3
15 changed files with 349 additions and 97 deletions

View File

@@ -30,7 +30,13 @@ import (
var regular *bluemonday.Policy = bluemonday.UGCPolicy().
RequireNoReferrerOnLinks(true).
RequireNoFollowOnLinks(true).
RequireCrossOriginAnonymous(true)
RequireCrossOriginAnonymous(true).
AddTargetBlankToFullyQualifiedLinks(true)
// outgoing policy should be used on statuses we've already parsed and added our own elements etc to. It is less strict than regular.
var outgoing *bluemonday.Policy = regular.
AllowAttrs("class", "href", "rel").OnElements("a").
AllowAttrs("class").OnElements("span")
// '[C]an be thought of as equivalent to stripping all HTML elements and their attributes as it has nothing on its allowlist.
// An example usage scenario would be blog post titles where HTML tags are not expected at all
@@ -48,3 +54,9 @@ func SanitizeHTML(in string) string {
func RemoveHTML(in string) string {
return strict.Sanitize(in)
}
// SanitizeOutgoing cleans up HTML in the given string, allowing through only safe elements and elements that were added during the parsing process.
// This should be used on text that we've already converted into HTML, just to catch any weirdness.
func SanitizeOutgoing(in string) string {
return outgoing.Sanitize(in)
}