[bugfix] Use custom bluemonday policy to disallow inline img tags (#2100)

author: tobi <31960611+tsmethurst@users.noreply.github.com> 2023-08-11 14:40:11 +0200
committer: GitHub <noreply@github.com> 2023-08-11 14:40:11 +0200
commit: dc96562b4084e058846aea9102ef0257461717d6 (patch)
tree: a0b4bdbaa266386c7fdbbc02ca3e62bae559bf17 /internal/text/markdown.go
parent: [feature] Set Content-Security-Policy header (#2095) (diff)
download: gotosocial-dc96562b4084e058846aea9102ef0257461717d6.tar.xz
1 files changed, 2 insertions, 5 deletions
diff --git a/internal/text/markdown.go b/internal/text/markdown.go
index c7d4958f4..ecc49673b 100644
--- a/internal/text/markdown.go
+++ b/internal/text/markdown.go
@@ -57,13 +57,10 @@ func (f *formatter) FromMarkdown(ctx context.Context, pmf gtsmodel.ParseMentionF
 	result.HTML = htmlContentBytes.String()
 
 	// clean anything dangerous out of the HTML
-	result.HTML = SanitizeHTML(result.HTML)
+	result.HTML = SanitizeToHTML(result.HTML)
 
 	// shrink ray
-	result.HTML, err = m.String("text/html", result.HTML)
-	if err != nil {
-		log.Errorf(ctx, "error minifying HTML: %s", err)
-	}
+	result.HTML = MinifyHTML(result.HTML)
 
 	return result
 }
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2023-08-11 14:40:11 +0200
committer	GitHub <noreply@github.com>	2023-08-11 14:40:11 +0200
commit	dc96562b4084e058846aea9102ef0257461717d6 (patch)
tree	a0b4bdbaa266386c7fdbbc02ca3e62bae559bf17 /internal/text/markdown.go
parent	[feature] Set Content-Security-Policy header (#2095) (diff)
download	gotosocial-dc96562b4084e058846aea9102ef0257461717d6.tar.xz