Merge pull request #71 from mprobst/master Add support for a bunch more safe HTML element tags, and bring them into...
Vytautas Ĺ altenis vytas@rtfb.lt
Fri, 02 May 2014 00:55:47 +0300
2 files changed,
19 insertions(+),
6 deletions(-)
M
inline_test.go
→
inline_test.go
@@ -211,6 +211,9 @@ "<!-- Comment -->\n",
"<!DOCTYPE test>", "<p><!DOCTYPE test></p>\n", + + "<hr>", + "<hr>\n", } doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT) }@@ -548,7 +551,7 @@ }
func TestHrefTargetBlank(t *testing.T) { var tests = []string{ - // internal link + // internal link "[foo](/bar/)\n", "<p><a href=\"/bar/\">foo</a></p>\n",
M
sanitize.go
→
sanitize.go
@@ -19,12 +19,22 @@ )
func init() { whitelistTags = toSet([]string{ - "a", "b", "blockquote", "br", "caption", "cite", "code", "col", - "colgroup", "dd", "div", "dl", "dt", "em", + // Headings "h1", "h2", "h3", "h4", "h5", "h6", - "i", "img", "li", "ol", "p", "pre", "q", "small", "strike", "strong", - "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "u", - "ul"}) + // Block elements + "p", "pre", "blockquote", "hr", "div", "header", "article", "aside", "footer", + "section", "main", "mark", "figure", "figcaption", + // Inline elements + "a", "br", "cite", "code", "img", + // Lists + "ol", "ul", "li", + // Tables + "table", "tbody", "td", "tfoot", "th", "thead", "tr", "colgroup", "col", "caption", + // Formatting + "u", "i", "em", "small", "strike", "b", "strong", "sub", "sup", "q", + // Definition lists + "dd", "dl", "dt", + }) whitelistAttrs = map[string]map[string]bool{ "a": toSet([]string{"href", "title", "rel"}), "img": toSet([]string{"src", "alt", "title"}),