author | Simon Ser <contact@emersion.fr> | 2020-01-08 14:25:46 +0100 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2020-01-20 16:20:16 +0100 |
commit | 8d248bc32fa18e4bc9c26fabf603fdaadc45963c (patch) | |
tree | cd2aa12bdecc6755f08ffc54275f5266d0212d30 | |
parent | d745f98bb7e77e9a1841ca9f5b7c9a6046c3b794 (diff) | |
Extract HTML sanitizer to its own file
-rw-r--r-- | plugins/base/routes.go | 8 | ||||
-rw-r--r-- | plugins/base/sanitize_html.go | 18 |
2 files changed, 19 insertions, 7 deletions
diff --git a/plugins/base/routes.go b/plugins/base/routes.go
index a5c6c21..798615f 100644
--- a/plugins/base/routes.go
+++ b/plugins/base/routes.go
@@ -16,7 +16,6 @@ import (
 "github.com/emersion/go-message"
 "github.com/emersion/go-smtp"
 "github.com/labstack/echo/v4"
- "github.com/microcosm-cc/bluemonday"
 )
 func registerRoutes(p *koushin.GoPlugin) {
@@ -246,12 +245,7 @@ func handleGetPart(ctx *koushin.Context, raw bool) error {
 isHTML := false
 if strings.EqualFold(mimeType, "text/html") {
- p := bluemonday.UGCPolicy()
- // TODO: be more strict
- p.AllowElements("style")
- p.AllowAttrs("style")
- p.AddTargetBlankToFullyQualifiedLinks(true)
- body = p.Sanitize(body)
+ body = sanitizeHTML(body)
 isHTML = true
 }
diff --git a/plugins/base/sanitize_html.go b/plugins/base/sanitize_html.go
new file mode 100644
index 0000000..f48ef4a
--- /dev/null
+++ b/plugins/base/sanitize_html.go
@@ -0,0 +1,18 @@
+package koushinbase
+
+import (
+ "github.com/microcosm-cc/bluemonday"
+)
+
+func sanitizeHTML(b string) string {
+ p := bluemonday.UGCPolicy()
+
+ // TODO: be more strict
+ p.AllowElements("style")
+ p.AllowAttrs("style")
+
+ p.AddTargetBlankToFullyQualifiedLinks(true)
+ p.RequireNoFollowOnLinks(true)
+
+ return p.Sanitize(b)
+}
|
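Review bot: `p.AllowElements("style")` in the new `sanitizeHTML` lets `<style>` elements from an untrusted message through the policy, and bluemonday does not, as far as I know, inspect the CSS inside them, so a message could restyle or overlay the surrounding page and cause remote fetches through `url(...)` if the result is rendered in the application's own document (the rendering side is not visible in this diff). The `p.AllowAttrs("style")` line beside it looks like a no-op: in bluemonday `AllowAttrs` returns a builder that registers nothing until `.Globally()` or `.OnElements(...)` is called, so it should either be dropped or completed deliberately. Until the TODO is resolved I would remove both lines, or replace the TODO with a comment that states the constraint, e.g. `// SECURITY: message CSS is not sanitized; only render the output in an isolated frame`. Separately, the commit is titled as an extraction but `p.RequireNoFollowOnLinks(true)` is new relative to the code removed from `handleGetPart`; it may already be implied by `UGCPolicy()`, and either way it deserves a mention in the commit message and a doc comment on `sanitizeHTML` describing what the policy allows.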