routes: sanitize readme content for non markdown files
Anirudh Oppiliappan x@icyphox.sh
Thu, 16 Jan 2025 11:39:54 +0200
1 files changed, 2 insertions(+), 1 deletions(-)
jump to
M routes/routes.go → routes/routes.go
@@ -121,8 +121,9 @@ ) html := bluemonday.UGCPolicy().SanitizeBytes(unsafe) readmeContent = template.HTML(html) default: + safe := bluemonday.UGCPolicy().SanitizeBytes([]byte(content)) readmeContent = template.HTML( - fmt.Sprintf(`<pre>%s</pre>`, content), + fmt.Sprintf(`<pre>%s</pre>`, safe), ) } break