aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--plugins/base/routes.go8
-rw-r--r--plugins/base/sanitize_html.go18
2 files changed, 19 insertions, 7 deletions
diff --git a/plugins/base/routes.go b/plugins/base/routes.go
index a5c6c21..798615f 100644
--- a/plugins/base/routes.go
+++ b/plugins/base/routes.go
@@ -16,7 +16,6 @@ import (
"github.com/emersion/go-message"
"github.com/emersion/go-smtp"
"github.com/labstack/echo/v4"
- "github.com/microcosm-cc/bluemonday"
)
func registerRoutes(p *koushin.GoPlugin) {
@@ -246,12 +245,7 @@ func handleGetPart(ctx *koushin.Context, raw bool) error {
isHTML := false
if strings.EqualFold(mimeType, "text/html") {
- p := bluemonday.UGCPolicy()
- // TODO: be more strict
- p.AllowElements("style")
- p.AllowAttrs("style")
- p.AddTargetBlankToFullyQualifiedLinks(true)
- body = p.Sanitize(body)
+ body = sanitizeHTML(body)
isHTML = true
}
diff --git a/plugins/base/sanitize_html.go b/plugins/base/sanitize_html.go
new file mode 100644
index 0000000..f48ef4a
--- /dev/null
+++ b/plugins/base/sanitize_html.go
@@ -0,0 +1,18 @@
+package koushinbase
+
+import (
+ "github.com/microcosm-cc/bluemonday"
+)
+
+func sanitizeHTML(b string) string {
+ p := bluemonday.UGCPolicy()
+
+ // TODO: be more strict
+ p.AllowElements("style")
+ p.AllowAttrs("style")
+
+ p.AddTargetBlankToFullyQualifiedLinks(true)
+ p.RequireNoFollowOnLinks(true)
+
+ return p.Sanitize(b)
+}