github.com/benoitkugler/goacve@v0.0.0-20201217100549-151ce6e55dc8/server/directeurs/sanitize.go (about)

     1  package directeurs
     2  
     3  import (
     4  	"github.com/microcosm-cc/bluemonday"
     5  )
     6  
// policy is the package-wide bluemonday sanitization policy. It is nil until
// init assigns it.
var policy *bluemonday.Policy

// tags is the allow-list of HTML elements handed to policy.AllowElements.
var tags = []string{
	"sub", "sup", "b", "i", "u",
	"h1", "h2", "h3", "h4", "h5", "h6",
	"strike", "a", "strong",
	"ul", "ol", "li", "br",
	"span", "em", "p", "blockquote", "hr", "img",
}

// attributes is the allow-list of HTML attributes. init registers it with
// .Globally(), so each attribute is accepted on every element in tags,
// not only on the element it is normally used with (href on <a>, src on <img>).
var attributes = []string{
	"style", "title",
	"src", "width", "height",
	"href", "target",
}

// styles is the allow-list of CSS properties kept inside a style attribute.
// font-family is not listed here: init restricts it separately to the
// values in fonts.
var styles = []string{
	"color", "background-color",
	"font-weight", "text-align", "font-size",
	"float", "margin", "text-decoration",
	"margin-left", "margin-right",
	"display", "border-style", "border-width",
}

// fonts is the enumeration of accepted font-family values.
var fonts = []string{"arial"}
    23  
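// init sets up the filtering rules: it builds the allow-list policy stored in
// the package-level policy variable and used by sanitizeHtml in this file.
//
// The policy starts empty (bluemonday.NewPolicy), so only the elements,
// attributes, styles and URL schemes registered below are accepted.
func init() {
	policy = bluemonday.NewPolicy()
	policy.AllowElements(tags...)
	// Attributes are registered globally, i.e. on every allowed element.
	// NOTE(review): "style" is among them; confirm against the pinned
	// bluemonday version that style values are filtered by the AllowStyles
	// rules below rather than passed through unchanged.
	policy.AllowAttrs(attributes...).Globally()
	policy.AllowStyles(styles...).Globally()
	// URLs must be parseable by net/url.Parse()
	policy.RequireParseableURLs(true)
	// Most common URL schemes only
	policy.AllowURLSchemes("mailto", "http", "https")
	// Also accept base64 data: URIs carrying images. This policy places no
	// bound on their size; callers that store or re-serve sanitized HTML
	// should limit the input length themselves.
	policy.AllowDataURIImages()
	policy.AllowStyles("font-family").MatchingEnum(fonts...).Globally()
	// "target" is allowed but "rel" is not, so user content can produce
	// target="_blank" links with no rel protection (reverse tabnabbing:
	// the opened page can reach window.opener). Have the sanitizer add
	// rel="noreferrer" to links, which browsers also treat as noopener.
	policy.RequireNoReferrerOnLinks(true)
}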
    37  
// sanitizeHtml filters html through the package-level policy and returns the
// resulting markup. It relies on init having assigned policy; with a nil
// policy the call would dereference a nil pointer.
func sanitizeHtml(html string) string {
	cleaned := policy.Sanitize(html)
	return cleaned
}