()
| 260 | } |
| 261 | |
// getSanitizationPolicy builds the HTML sanitization policy. It starts from
// bluemonday's UGCPolicy baseline and widens it to permit embedded media
// (iframe, video, audio, source), styling hooks on every element,
// header/footer elements and the xmpp URL scheme.
//
// Everything added here enlarges what user-supplied markup may contain, so
// each rule below carries the point a reviewer should confirm. These are
// questions to verify against the pinned bluemonday release, not verified
// defects.
func getSanitizationPolicy() *bluemonday.Policy {
	p := bluemonday.UGCPolicy()

	// Embedded media. As far as this function shows, "src" is limited only by
	// the URL scheme list at the bottom: there is no host allowlist and no
	// "sandbox" attribute on iframes.
	// NOTE(review): confirm the bluemonday version in use applies URL scheme
	// validation to "src" on iframe/video/audio/source, not only on img.
	p.AllowAttrs("src", "style").OnElements("iframe", "video", "audio")
	p.AllowAttrs("src", "type").OnElements("source")
	p.AllowAttrs("frameborder", "width", "height").
		Matching(bluemonday.Integer).
		OnElements("iframe")
	p.AllowAttrs("allowfullscreen").OnElements("iframe")

	// Playback attributes shared by video and audio; audio also gets "preload".
	playback := []string{"controls", "loop", "muted", "autoplay"}
	p.AllowAttrs(playback...).OnElements("video")
	p.AllowAttrs(append(playback, "preload")...).OnElements("audio")

	// NOTE(review): "target" lets authors open links in a new browsing
	// context; confirm the rendered links end up with rel="noopener".
	p.AllowAttrs("target").OnElements("a")
	p.AllowAttrs("title").OnElements("abbr")

	// NOTE(review): "style" is allowed on every element and no AllowStyles
	// rule is set in this function, so the CSS values themselves look
	// unconstrained here. Inline CSS in user content can restyle or cover
	// parts of the surrounding page and can reference remote resources;
	// confirm that is intended or restrict the permitted properties.
	// "class" and "id" let user markup reuse the site's own selectors and
	// element ids.
	p.AllowAttrs("style", "class", "id").Globally()

	// NOTE(review): these unconstrained rules for "alt", "title" and "id"
	// presumably sit alongside or replace any pattern-restricted rules the
	// UGCPolicy baseline defines for the same attributes; verify the result.
	p.AllowAttrs("alt").OnElements("img")

	p.AllowElements("header", "footer")
	p.AllowURLSchemes("http", "https", "mailto", "xmpp")

	return p
}
| 278 | |
| 279 | func sanitizePost(content string) string { |
| 280 | return strings.Replace(content, "<", "<", -1) |