package core
import (
"github.com/microcosm-cc/bluemonday"
"github.com/shurcooL/github_flavored_markdown"
)
// RenderMarkdown converts untrusted Markdown (for example user-submitted
// comments) into sanitized HTML. The input is first rendered by
// RenderTrustedMarkdown, and the resulting HTML is then filtered through
// bluemonday's UGC policy before it is returned.
func (b *Blog) RenderMarkdown(input string) string {
	rendered := b.RenderTrustedMarkdown(input)

	// Start from the user-generated-content policy and additionally permit a
	// class attribute on <code> elements whose value matches
	// reFencedCodeClass, so fenced code blocks in comments are not mangled.
	// NOTE(review): reFencedCodeClass is defined outside this view; confirm
	// the pattern is anchored so that only the intended class values pass.
	policy := bluemonday.UGCPolicy()
	policy.AllowAttrs("class").Matching(reFencedCodeClass).OnElements("code")

	return string(policy.SanitizeBytes([]byte(rendered)))
}
// RenderTrustedMarkdown converts Markdown to HTML with
// github_flavored_markdown and returns the result without the bluemonday
// pass that RenderMarkdown applies afterward. It is intended for blog posts
// and website Markdown pages, not for user-submitted comments or similar
// untrusted content.
//
// NOTE(review): whether the rendering library filters its own output is not
// visible here; callers should treat the returned HTML as unsanitized.
func (b *Blog) RenderTrustedMarkdown(input string) string {
	return string(github_flavored_markdown.Markdown([]byte(input)))
}