From 64772aa20326fde084bb1a9ea5b60d7fe325f769 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 14 Mar 2023 15:13:03 -0400
Subject: [PATCH] Loosen restrictions on rendered img alt attribute

Previously, certain characters weren't allowed, and they would cause the entire
alt attribute to be elided from the rendered page. Since we safely sanitize the
content of this attribute anyway, this is unnecessary, so we now allow all text
entered there.

Fixes #649
---
 postrender.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/postrender.go b/postrender.go
index 5be8d0c..8e4d706 100644
--- a/postrender.go
+++ b/postrender.go
@@ -270,6 +270,7 @@ func getSanitizationPolicy() *bluemonday.Policy {
 	policy.AllowAttrs("target").OnElements("a")
 	policy.AllowAttrs("title").OnElements("abbr")
 	policy.AllowAttrs("style", "class", "id").Globally()
+	policy.AllowAttrs("alt").OnElements("img")
 	policy.AllowElements("header", "footer")
 	policy.AllowURLSchemes("http", "https", "mailto", "xmpp")
 	return policy
@@ -284,12 +285,13 @@ func sanitizePost(content string) string {
 // choosing what to generate. In case a post has a title, this function will
 // fail, and logic should instead be implemented to skip this when there's no
 // title, like so:
-//    var desc string
-//    if title == "" {
-//        desc = postDescription(content, title, friendlyId)
-//    } else {
-//        desc = shortPostDescription(content)
-//    }
+//
+//	var desc string
+//	if title == "" {
+//	    desc = postDescription(content, title, friendlyId)
+//	} else {
+//	    desc = shortPostDescription(content)
+//	}
 func postDescription(content, title, friendlyId string) string {
 	maxLen := 140