package core

import (
	"github.com/microcosm-cc/bluemonday"
	"github.com/shurcooL/github_flavored_markdown"
)

// RenderMarkdown renders markdown to HTML, safely. It uses blackfriday to
// render Markdown to HTML and then Bluemonday to sanitize the resulting HTML.
func (b *Blog) RenderMarkdown(input string) string {
	unsafe := []byte(b.RenderTrustedMarkdown(input))

	// Sanitize HTML, but allow fenced code blocks to not get mangled in user
	// submitted comments.
	p := bluemonday.UGCPolicy()
	p.AllowAttrs("class").Matching(reFencedCodeClass).OnElements("code")
	html := p.SanitizeBytes(unsafe)
	return string(html)
}

// RenderTrustedMarkdown renders markdown to HTML, but without applying
// bluemonday filtering afterward. This is for blog posts and website
// Markdown pages, not for user-submitted comments or things.
func (b *Blog) RenderTrustedMarkdown(input string) string {
	html := github_flavored_markdown.Markdown([]byte(input))
	return string(html)
}