diff --git a/examples/hackernews/go.mod b/examples/hackernews/go.mod
index f8b710b..0c91ab8 100644
--- a/examples/hackernews/go.mod
+++ b/examples/hackernews/go.mod
@@ -2,9 +2,15 @@ module hackernews
 go 1.23.0
-require github.com/maddalax/htmgo/framework v1.0.2-0.20241026030703-8e048cbddc36
+require (
+ github.com/go-chi/chi/v5 v5.1.0
+ github.com/maddalax/htmgo/framework v1.0.2-0.20241026030703-8e048cbddc36
+ github.com/microcosm-cc/bluemonday v1.0.27
+)
 require (
- github.com/go-chi/chi/v5 v5.1.0 // indirect
+ github.com/aymerick/douceur v0.2.0 // indirect
 github.com/google/uuid v1.6.0 // indirect
+ github.com/gorilla/css v1.0.1 // indirect
+ golang.org/x/net v0.29.0 // indirect
 )
diff --git a/examples/hackernews/go.sum b/examples/hackernews/go.sum
index 9e59b50..80cb8b9 100644
--- a/examples/hackernews/go.sum
+++ b/examples/hackernews/go.sum
@@ -1,11 +1,17 @@ +github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= +github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw= github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8= +github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= github.com/maddalax/htmgo/framework v1.0.2-0.20241026030703-8e048cbddc36 h1:cwXqeTQrGAxMhGhpMJ3/sUGRvdDm3HWPNO5ayYzoRcU= github.com/maddalax/htmgo/framework v1.0.2-0.20241026030703-8e048cbddc36/go.mod h1:NGGzWVXWksrQJ9kV9SGa/A1F1Bjsgc08cN7ZVb98RqY= +github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk= +github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
diff --git a/examples/hackernews/internal/sanitize/sanitize.go b/examples/hackernews/internal/sanitize/sanitize.go
new file mode 100644
index 0000000..83aec98
--- /dev/null
+++ b/examples/hackernews/internal/sanitize/sanitize.go
@@ -0,0 +1,9 @@
+package sanitize
+
+import "github.com/microcosm-cc/bluemonday"
+
+var p = bluemonday.UGCPolicy()
+
+func Sanitize(text string) string {
+ return p.Sanitize(text)
+}
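Review bot: The exported `Sanitize` and the package-level policy `p` in the new sanitize.go carry no doc comments, although every call site added by this commit hands the result to `h.UnsafeRaw`, which makes this policy the only filter between remote Hacker News content and the rendered page. I would state that contract on the function, e.g. `// Sanitize filters untrusted HTML through bluemonday's UGC policy; callers render the result unescaped, so loosening the policy is a security-relevant change.` A descriptive name such as `ugcPolicy` in place of `p` would also make the allowlist in force visible at a glance, with a one-line comment that the policy is built once at package init and reused across requests.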
diff --git a/examples/hackernews/partials/comments.go b/examples/hackernews/partials/comments.go
index 270959a..0a102ae 100644
--- a/examples/hackernews/partials/comments.go
+++ b/examples/hackernews/partials/comments.go
@@ -5,6 +5,7 @@ import (
 "github.com/maddalax/htmgo/framework/h"
 "hackernews/internal/batch"
 "hackernews/internal/news"
+ "hackernews/internal/sanitize"
 "hackernews/internal/timeformat"
 "strings"
 "time"
@@ -75,7 +76,7 @@ func Comment(item news.Comment, nesting int) *h.Element {
 h.Class("flex gap-1 items-center"),
 h.Div(
 h.Class("font-bold text-rose-500"),
- h.Text(item.By),
+ h.UnsafeRaw(sanitize.Sanitize(item.By)),
 ),
 h.Div(
 h.Class("text-sm text-gray-600"),
@@ -85,7 +86,7 @@ func Comment(item news.Comment, nesting int) *h.Element {
 ),
 h.Div(
 h.Class("text-sm text-gray-600"),
- h.Text(strings.TrimSpace(item.Text)),
+ h.UnsafeRaw(sanitize.Sanitize(strings.TrimSpace(item.Text))),
 ),
 ),
 h.If(
diff --git a/examples/hackernews/partials/sidebar.go b/examples/hackernews/partials/sidebar.go
index 8dbba45..187a06c 100644
--- a/examples/hackernews/partials/sidebar.go
+++ b/examples/hackernews/partials/sidebar.go
@@ -6,6 +6,7 @@ import (
 "hackernews/components"
 "hackernews/internal/news"
 "hackernews/internal/parse"
+ "hackernews/internal/sanitize"
 "hackernews/internal/timeformat"
 "time"
 )
@@ -142,7 +143,7 @@ var CachedStoryList = h.CachedPerKeyT4(time.Minute*5, func(category string, page
 h.Class("block p-2 bg-white rounded-md shadow cursor-pointer"),
 h.Div(
 h.Class("font-bold"),
- h.Text(item.Title),
+ h.UnsafeRaw(sanitize.Sanitize(item.Title)),
 ),
 h.Div(
 h.Class("text-sm text-gray-600"),
diff --git a/examples/hackernews/partials/story.go b/examples/hackernews/partials/story.go
index 4bea202..a4b0f10 100644
--- a/examples/hackernews/partials/story.go
+++ b/examples/hackernews/partials/story.go
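Review bot: `item.By` is a username rather than rich text, yet the new line `h.UnsafeRaw(sanitize.Sanitize(item.By))` in the `-75,7` hunk of comments.go runs it through the permissive UGC allowlist and emits it unescaped, so any allowlisted markup in that field (links, images) would now render. If `h.Text` escapes its argument (its implementation is not visible here), keeping `h.Text(item.By)` is the narrower choice; otherwise strip every tag via a second helper in the sanitize package built on `bluemonday.StrictPolicy()`. The same applies to `item.Title` in the sidebar.go `-142,7` hunk and `story.Title` in story.go; only the comment and story bodies plausibly need HTML passthrough. `Comment` begins and continues outside these hunks.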
@@ -4,6 +4,7 @@ import (
 "fmt"
 "github.com/maddalax/htmgo/framework/h"
 "hackernews/internal/news"
+ "hackernews/internal/sanitize"
 "hackernews/internal/timeformat"
 "time"
 )
@@ -57,7 +58,7 @@ func StoryBody(story *news.Story) *h.Element {
 h.Class("prose prose-2xl border-b border-gray-200 pb-3 max-w-none w-full"),
 h.H5(
 h.Class("flex gap-2 items-left font-bold"),
- h.Text(story.Title),
+ h.UnsafeRaw(sanitize.Sanitize(story.Title)),
 ),
 h.A(
 h.Href(story.Url),
@@ -66,7 +67,7 @@ func StoryBody(story *news.Story) *h.Element {
 ),
 h.Div(
 h.Class("text-sm text-gray-600"),
- h.Text(story.Text),
+ h.UnsafeRaw(sanitize.Sanitize(story.Text)),
 ),
 h.Div(
 h.Class("text-sm text-gray-600 mt-2"),
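Review bot: The `-57,7` hunk sanitizes `story.Title`, but the context line `h.Href(story.Url)` right below it still passes the remote URL into the anchor unchecked; whether `h.Href` rejects non-HTTP schemes is not visible here. Since this commit is where the page starts treating API fields as untrusted, I would validate the URL before rendering the link: parse it with `net/url` and emit the `href` only when the scheme is `http` or `https`. A short comment next to the link stating which schemes are accepted would document the decision. `StoryBody` starts and ends outside the hunk, and the `h.A(` call is cut off by it.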