commit decae0a3e670211642c0e95311f575957ef9d91d
parent f0be01a424df9258abb3e0a641a38723972126e1
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Mon, 22 May 2023 08:24:34 -0700
cleanup
Diffstat:
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/pkg/web/handlers/api/v1/msgInterceptor.go b/pkg/web/handlers/api/v1/msgInterceptor.go
@@ -75,6 +75,13 @@ func generalRoomKarma(db *database.DkfDB, authUser *database.User) {
}
}
+var msgPolicy = bluemonday.NewPolicy().
+ AllowElements("a", "p", "span", "strong", "del", "code", "pre", "em", "ul", "li", "br", "small", "i").
+ AllowAttrs("href", "rel", "target").OnElements("a").
+ AllowAttrs("tabindex", "style").OnElements("pre").
+ AllowAttrs("style", "class", "title").OnElements("span").
+ AllowAttrs("style").OnElements("small")
+
// ProcessRawMessage return the new html, and a map of tagged users used for notifications
// This function takes an "unsafe" user input "in", and return html which will be safe to render.
func ProcessRawMessage(db *database.DkfDB, in, roomKey string, authUserID database.UserID, roomID database.RoomID,
@@ -100,13 +107,7 @@ func ProcessRawMessage(db *database.DkfDB, in, roomKey string, authUserID databa
if quoted != nil { // Add quoted message owner for inboxes
taggedUsersIDsMap[quoted.UserID] = quoted.User
}
- p := bluemonday.NewPolicy()
- p.AllowElements("a", "p", "span", "strong", "del", "code", "pre", "em", "ul", "li", "br", "small", "i")
- p.AllowAttrs("href", "rel", "target").OnElements("a")
- p.AllowAttrs("tabindex", "style").OnElements("pre")
- p.AllowAttrs("style", "class", "title").OnElements("span")
- p.AllowAttrs("style").OnElements("small")
- html = p.Sanitize(html)
+ html = msgPolicy.Sanitize(html)
return html, taggedUsersIDsMap, nil
}
