routes: sanitize readme content for non markdown files
1 file changed, 2 insertions(+), 1 deletion(-)
jump to
M routes/routes.go → routes/routes.go
@@ -121,8 +121,9 @@ ) html := bluemonday.UGCPolicy().SanitizeBytes(unsafe) readmeContent = template.HTML(html) default: + safe := bluemonday.UGCPolicy().SanitizeBytes([]byte(content)) readmeContent = template.HTML( - fmt.Sprintf(`<pre>%s</pre>`, content), + fmt.Sprintf(`<pre>%s</pre>`, safe), ) } break