web frontend for git (tangled's grandpa)
routes: sanitize readme content for non markdown files
+2
-1
+2
-1
routes/routes.go
+2
-1
routes/routes.go
···
121
121
html := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
122
122
readmeContent = template.HTML(html)
123
123
default:
124
+
safe := bluemonday.UGCPolicy().SanitizeBytes([]byte(content))
124
125
readmeContent = template.HTML(
125
-
fmt.Sprintf(`<pre>%s</pre>`, content),
126
+
fmt.Sprintf(`<pre>%s</pre>`, safe),
126
127
)
127
128
}
128
129
break