all repos — grayfriday @ 8d2af3a21bd6916ee914d750900b15b7d0ba681b

blackfriday fork with a few changes

Add support for a bunch more safe HTML element tags, and bring them into some order.
Martin Probst martin@probst.io
Thu, 01 May 2014 22:08:32 +0200
commit

8d2af3a21bd6916ee914d750900b15b7d0ba681b

parent

aeb569ff46fab0d05de6a42eaa28c2ae86783cf4

2 files changed, 19 insertions(+), 6 deletions(-)

jump to
M inline_test.goinline_test.go

@@ -211,6 +211,9 @@ "<!-- Comment -->\n",

"<!DOCTYPE test>", "<p>&lt;!DOCTYPE test&gt;</p>\n", + + "<hr>", + "<hr>\n", } doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT) }

@@ -548,7 +551,7 @@ }

func TestHrefTargetBlank(t *testing.T) { var tests = []string{ - // internal link + // internal link "[foo](/bar/)\n", "<p><a href=\"/bar/\">foo</a></p>\n",
M sanitize.gosanitize.go

@@ -19,12 +19,22 @@ )

func init() { whitelistTags = toSet([]string{ - "a", "b", "blockquote", "br", "caption", "cite", "code", "col", - "colgroup", "dd", "div", "dl", "dt", "em", + // Headings "h1", "h2", "h3", "h4", "h5", "h6", - "i", "img", "li", "ol", "p", "pre", "q", "small", "strike", "strong", - "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "u", - "ul"}) + // Block elements + "p", "pre", "blockquote", "hr", "div", "header", "article", "aside", "footer", + "section", "main", "mark", "figure", "figcaption", + // Inline elements + "a", "br", "cite", "code", "img", + // Lists + "ol", "ul", "li", + // Tables + "table", "tbody", "td", "tfoot", "th", "thead", "tr", "colgroup", "col", "caption", + // Formatting + "u", "i", "em", "small", "strike", "b", "strong", "sub", "sup", "q", + // Definition lists + "dd", "dl", "dt", + }) whitelistAttrs = map[string]map[string]bool{ "a": toSet([]string{"href", "title", "rel"}), "img": toSet([]string{"src", "alt", "title"}),