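package directeurs

import (
	"github.com/microcosm-cc/bluemonday"
)

var (
	// policy is the shared sanitisation policy built once in init and used by
	// sanitizeHtml. It is an allow-list: anything not listed below is stripped.
	policy *bluemonday.Policy

	// tags are the only HTML elements that survive sanitisation.
	tags = []string{
		"sub", "sup", "b", "i", "u", "h1", "h2", "h3", "h4", "h5", "h6",
		"strike", "a", "strong", "ul", "ol", "li", "br",
		"span", "em", "p", "blockquote", "hr", "img",
	}

	// attributes are allowed on every permitted element. URL-bearing and
	// sizing attributes are deliberately not here; they are scoped to the one
	// element that needs them (linkAttributes, imageAttributes) so that the
	// policy grants no more than each element requires.
	attributes = []string{"style", "title"}

	// linkAttributes are allowed on <a> only.
	linkAttributes = []string{"href", "target"}

	// imageAttributes are allowed on <img> only.
	imageAttributes = []string{"src", "width", "height"}

	// styles are the CSS properties accepted inside a style attribute.
	styles = []string{"color", "background-color", "font-weight", "text-align", "font-size", "float", "margin",
		"text-decoration", "margin-left", "margin-right", "display", "border-style", "border-width"}

	// fonts is the closed set of values accepted for font-family.
	fonts = []string{"arial"}
)

// init sets up the filtering rules (mise en place des régles de filtrages).
func init() {
	policy = bluemonday.NewPolicy()
	policy.AllowElements(tags...)

	// Presentation-only attributes may appear anywhere; URL and sizing
	// attributes are restricted to the element they belong to.
	policy.AllowAttrs(attributes...).Globally()
	policy.AllowAttrs(linkAttributes...).OnElements("a")
	policy.AllowAttrs(imageAttributes...).OnElements("img")

	policy.AllowStyles(styles...).Globally()

	// URLs must be parseable by net/url.Parse()
	policy.RequireParseableURLs(true)
	// Most common URL schemes only
	policy.AllowURLSchemes("mailto", "http", "https")
	policy.AllowDataURIImages()

	// "target" is allowed on links, so a sanitised link may open in a new
	// browsing context; rel="noreferrer" keeps the referrer private and
	// denies the opened page access to window.opener.
	policy.RequireNoReferrerOnLinks(true)

	policy.AllowStyles("font-family").MatchingEnum(fonts...).Globally()
}

// sanitizeHtml returns html reduced to the elements, attributes, styles and
// URL schemes allowed by policy. The input is treated as untrusted; the result
// is safe to embed in a page as far as the policy above permits.
func sanitizeHtml(html string) string {
	return policy.Sanitize(html)
}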