Grand test fixup (#138)

* start fixing up tests

* fix up tests + automate with drone

* fiddle with linting

* messing about with drone.yml

* some more fiddling

* hmmm

* add cache

* add vendor directory

* verbose

* ci updates

* update some little things

* update sig

1 files changed, 835 insertions, 0 deletions

diff --git a/vendor/github.com/microcosm-cc/bluemonday/policy.go b/vendor/github.com/microcosm-cc/bluemonday/policy.go
new file mode 100644
index 000000000..602a20379
--- /dev/null
+++ b/vendor/github.com/microcosm-cc/bluemonday/policy.go
@@ -0,0 +1,835 @@
+// Copyright (c) 2014, David Kitchen <david@buro9.com>
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+//
+// * Neither the name of the organisation (Microcosm) nor the names of its
+//   contributors may be used to endorse or promote products derived from
+//   this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package bluemonday
+
+//TODO sgutzwiller create map of styles to default handlers
+//TODO sgutzwiller create handlers for various attributes
+import (
+	"net/url"
+	"regexp"
+	"strings"
+
+	"github.com/microcosm-cc/bluemonday/css"
+)
+
+// Policy encapsulates the allowlist of HTML elements and attributes that will
+// be applied to the sanitised HTML.
+//
+// You should use bluemonday.NewPolicy() to create a blank policy as the
+// unexported fields contain maps that need to be initialized.
+type Policy struct {
+
+	// Declares whether the maps have been initialized, used as a cheap check to
+	// ensure that those using Policy{} directly won't cause nil pointer
+	// exceptions
+	initialized bool
+
+	// If true then we add spaces when stripping tags, specifically the closing
+	// tag is replaced by a space character.
+	addSpaces bool
+
+	// When true, add rel="nofollow" to HTML a, area, and link tags
+	requireNoFollow bool
+
+	// When true, add rel="nofollow" to HTML a, area, and link tags
+	// Will add for href="http://foo"
+	// Will skip for href="/foo" or href="foo"
+	requireNoFollowFullyQualifiedLinks bool
+
+	// When true, add rel="noreferrer" to HTML a, area, and link tags
+	requireNoReferrer bool
+
+	// When true, add rel="noreferrer" to HTML a, area, and link tags
+	// Will add for href="http://foo"
+	// Will skip for href="/foo" or href="foo"
+	requireNoReferrerFullyQualifiedLinks bool
+
+	// When true, add crossorigin="anonymous" to HTML audio, img, link, script, and video tags
+	requireCrossOriginAnonymous bool
+
+	// When true add target="_blank" to fully qualified links
+	// Will add for href="http://foo"
+	// Will skip for href="/foo" or href="foo"
+	addTargetBlankToFullyQualifiedLinks bool
+
+	// When true, URLs must be parseable by "net/url" url.Parse()
+	requireParseableURLs bool
+
+	// When true, u, _ := url.Parse("url"); !u.IsAbs() is permitted
+	allowRelativeURLs bool
+
+	// When true, allow data attributes.
+	allowDataAttributes bool
+
+	// When true, allow comments.
+	allowComments bool
+
+	// map[htmlElementName]map[htmlAttributeName][]attrPolicy
+	elsAndAttrs map[string]map[string][]attrPolicy
+
+	// elsMatchingAndAttrs stores regex based element matches along with attributes
+	elsMatchingAndAttrs map[*regexp.Regexp]map[string][]attrPolicy
+
+	// map[htmlAttributeName][]attrPolicy
+	globalAttrs map[string][]attrPolicy
+
+	// map[htmlElementName]map[cssPropertyName][]stylePolicy
+	elsAndStyles map[string]map[string][]stylePolicy
+
+	// map[regex]map[cssPropertyName][]stylePolicy
+	elsMatchingAndStyles map[*regexp.Regexp]map[string][]stylePolicy
+
+	// map[cssPropertyName][]stylePolicy
+	globalStyles map[string][]stylePolicy
+
+	// If urlPolicy is nil, all URLs with matching schema are allowed.
+	// Otherwise, only the URLs with matching schema and urlPolicy(url)
+	// returning true are allowed.
+	allowURLSchemes map[string][]urlPolicy
+
+	// If an element has had all attributes removed as a result of a policy
+	// being applied, then the element would be removed from the output.
+	//
+	// However some elements are valid and have strong layout meaning without
+	// any attributes, i.e. <table>. To prevent those being removed we maintain
+	// a list of elements that are allowed to have no attributes and that will
+	// be maintained in the output HTML.
+	setOfElementsAllowedWithoutAttrs map[string]struct{}
+
+	// If an element has had all attributes removed as a result of a policy
+	// being applied, then the element would be removed from the output.
+	//
+	// However some elements are valid and have strong layout meaning without
+	// any attributes, i.e. <table>.
+	//
+	// In this case, any element matching a regular expression will be accepted without
+	// attributes added.
+	setOfElementsMatchingAllowedWithoutAttrs []*regexp.Regexp
+
+	setOfElementsToSkipContent map[string]struct{}
+}
+
+type attrPolicy struct {
+
+	// optional pattern to match, when not nil the regexp needs to match
+	// otherwise the attribute is removed
+	regexp *regexp.Regexp
+}
+
+type stylePolicy struct {
+	// handler to validate
+	handler func(string) bool
+
+	// optional pattern to match, when not nil the regexp needs to match
+	// otherwise the property is removed
+	regexp *regexp.Regexp
+
+	// optional list of allowed property values, for properties which
+	// have a defined list of allowed values; property will be removed
+	// if the value is not allowed
+	enum []string
+}
+
+type attrPolicyBuilder struct {
+	p *Policy
+
+	attrNames  []string
+	regexp     *regexp.Regexp
+	allowEmpty bool
+}
+
+type stylePolicyBuilder struct {
+	p *Policy
+
+	propertyNames []string
+	regexp        *regexp.Regexp
+	enum          []string
+	handler       func(string) bool
+}
+
+type urlPolicy func(url *url.URL) (allowUrl bool)
+
+// init initializes the maps if this has not been done already
+func (p *Policy) init() {
+	if !p.initialized {
+		p.elsAndAttrs = make(map[string]map[string][]attrPolicy)
+		p.elsMatchingAndAttrs = make(map[*regexp.Regexp]map[string][]attrPolicy)
+		p.globalAttrs = make(map[string][]attrPolicy)
+		p.elsAndStyles = make(map[string]map[string][]stylePolicy)
+		p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string][]stylePolicy)
+		p.globalStyles = make(map[string][]stylePolicy)
+		p.allowURLSchemes = make(map[string][]urlPolicy)
+		p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
+		p.setOfElementsToSkipContent = make(map[string]struct{})
+		p.initialized = true
+	}
+}
+
+// NewPolicy returns a blank policy with nothing allowed or permitted. This
+// is the recommended way to start building a policy and you should now use
+// AllowAttrs() and/or AllowElements() to construct the allowlist of HTML
+// elements and attributes.
+func NewPolicy() *Policy {
+
+	p := Policy{}
+
+	p.addDefaultElementsWithoutAttrs()
+	p.addDefaultSkipElementContent()
+
+	return &p
+}
+
+// AllowAttrs takes a range of HTML attribute names and returns an
+// attribute policy builder that allows you to specify the pattern and scope of
+// the allowed attribute.
+//
+// The attribute policy is only added to the core policy when either Globally()
+// or OnElements(...) are called.
+func (p *Policy) AllowAttrs(attrNames ...string) *attrPolicyBuilder {
+
+	p.init()
+
+	abp := attrPolicyBuilder{
+		p:          p,
+		allowEmpty: false,
+	}
+
+	for _, attrName := range attrNames {
+		abp.attrNames = append(abp.attrNames, strings.ToLower(attrName))
+	}
+
+	return &abp
+}
+
+// AllowDataAttributes permits all data attributes. We can't specify the name
+// of each attribute exactly as they are customized.
+//
+// NOTE: These values are not sanitized and applications that evaluate or process
+// them without checking and verification of the input may be at risk if this option
+// is enabled. This is a 'caveat emptor' option and the person enabling this option
+// needs to fully understand the potential impact with regards to whatever application
+// will be consuming the sanitized HTML afterwards, i.e. if you know you put a link in a
+// data attribute and use that to automatically load some new window then you're giving
+// the author of a HTML fragment the means to open a malicious destination automatically.
+// Use with care!
+func (p *Policy) AllowDataAttributes() {
+	p.allowDataAttributes = true
+}
+
+// AllowComments allows comments.
+//
+// Please note that only one type of comment will be allowed by this, this is the
+// the standard HTML comment <!-- --> which includes the use of that to permit
+// conditionals as per https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/ms537512(v=vs.85)?redirectedfrom=MSDN
+//
+// What is not permitted are CDATA XML comments, as the x/net/html package we depend
+// on does not handle this fully and we are not choosing to take on that work:
+// https://pkg.go.dev/golang.org/x/net/html#Tokenizer.AllowCDATA . If the x/net/html
+// package changes this then these will be considered, otherwise if you AllowComments
+// but provide a CDATA comment, then as per the documentation in x/net/html this will
+// be treated as a plain HTML comment.
+func (p *Policy) AllowComments() {
+	p.allowComments = true
+}
+
+// AllowNoAttrs says that attributes on element are optional.
+//
+// The attribute policy is only added to the core policy when OnElements(...)
+// are called.
+func (p *Policy) AllowNoAttrs() *attrPolicyBuilder {
+
+	p.init()
+
+	abp := attrPolicyBuilder{
+		p:          p,
+		allowEmpty: true,
+	}
+	return &abp
+}
+
+// AllowNoAttrs says that attributes on element are optional.
+//
+// The attribute policy is only added to the core policy when OnElements(...)
+// are called.
+func (abp *attrPolicyBuilder) AllowNoAttrs() *attrPolicyBuilder {
+
+	abp.allowEmpty = true
+
+	return abp
+}
+
+// Matching allows a regular expression to be applied to a nascent attribute
+// policy, and returns the attribute policy.
+func (abp *attrPolicyBuilder) Matching(regex *regexp.Regexp) *attrPolicyBuilder {
+
+	abp.regexp = regex
+
+	return abp
+}
+
+// OnElements will bind an attribute policy to a given range of HTML elements
+// and return the updated policy
+func (abp *attrPolicyBuilder) OnElements(elements ...string) *Policy {
+
+	for _, element := range elements {
+		element = strings.ToLower(element)
+
+		for _, attr := range abp.attrNames {
+
+			if _, ok := abp.p.elsAndAttrs[element]; !ok {
+				abp.p.elsAndAttrs[element] = make(map[string][]attrPolicy)
+			}
+
+			ap := attrPolicy{}
+			if abp.regexp != nil {
+				ap.regexp = abp.regexp
+			}
+
+			abp.p.elsAndAttrs[element][attr] = append(abp.p.elsAndAttrs[element][attr], ap)
+		}
+
+		if abp.allowEmpty {
+			abp.p.setOfElementsAllowedWithoutAttrs[element] = struct{}{}
+
+			if _, ok := abp.p.elsAndAttrs[element]; !ok {
+				abp.p.elsAndAttrs[element] = make(map[string][]attrPolicy)
+			}
+		}
+	}
+
+	return abp.p
+}
+
+// OnElementsMatching will bind an attribute policy to all elements matching a given regex
+// and return the updated policy
+func (abp *attrPolicyBuilder) OnElementsMatching(regex *regexp.Regexp) *Policy {
+	for _, attr := range abp.attrNames {
+		if _, ok := abp.p.elsMatchingAndAttrs[regex]; !ok {
+			abp.p.elsMatchingAndAttrs[regex] = make(map[string][]attrPolicy)
+		}
+		ap := attrPolicy{}
+		if abp.regexp != nil {
+			ap.regexp = abp.regexp
+		}
+		abp.p.elsMatchingAndAttrs[regex][attr] = append(abp.p.elsMatchingAndAttrs[regex][attr], ap)
+	}
+
+	if abp.allowEmpty {
+		abp.p.setOfElementsMatchingAllowedWithoutAttrs = append(abp.p.setOfElementsMatchingAllowedWithoutAttrs, regex)
+		if _, ok := abp.p.elsMatchingAndAttrs[regex]; !ok {
+			abp.p.elsMatchingAndAttrs[regex] = make(map[string][]attrPolicy)
+		}
+	}
+
+	return abp.p
+}
+
+// Globally will bind an attribute policy to all HTML elements and return the
+// updated policy
+func (abp *attrPolicyBuilder) Globally() *Policy {
+
+	for _, attr := range abp.attrNames {
+		if _, ok := abp.p.globalAttrs[attr]; !ok {
+			abp.p.globalAttrs[attr] = []attrPolicy{}
+		}
+
+		ap := attrPolicy{}
+		if abp.regexp != nil {
+			ap.regexp = abp.regexp
+		}
+
+		abp.p.globalAttrs[attr] = append(abp.p.globalAttrs[attr], ap)
+	}
+
+	return abp.p
+}
+
+// AllowStyles takes a range of CSS property names and returns a
+// style policy builder that allows you to specify the pattern and scope of
+// the allowed property.
+//
+// The style policy is only added to the core policy when either Globally()
+// or OnElements(...) are called.
+func (p *Policy) AllowStyles(propertyNames ...string) *stylePolicyBuilder {
+
+	p.init()
+
+	abp := stylePolicyBuilder{
+		p: p,
+	}
+
+	for _, propertyName := range propertyNames {
+		abp.propertyNames = append(abp.propertyNames, strings.ToLower(propertyName))
+	}
+
+	return &abp
+}
+
+// Matching allows a regular expression to be applied to a nascent style
+// policy, and returns the style policy.
+func (spb *stylePolicyBuilder) Matching(regex *regexp.Regexp) *stylePolicyBuilder {
+
+	spb.regexp = regex
+
+	return spb
+}
+
+// MatchingEnum allows a list of allowed values to be applied to a nascent style
+// policy, and returns the style policy.
+func (spb *stylePolicyBuilder) MatchingEnum(enum ...string) *stylePolicyBuilder {
+
+	spb.enum = enum
+
+	return spb
+}
+
+// MatchingHandler allows a handler to be applied to a nascent style
+// policy, and returns the style policy.
+func (spb *stylePolicyBuilder) MatchingHandler(handler func(string) bool) *stylePolicyBuilder {
+
+	spb.handler = handler
+
+	return spb
+}
+
+// OnElements will bind a style policy to a given range of HTML elements
+// and return the updated policy
+func (spb *stylePolicyBuilder) OnElements(elements ...string) *Policy {
+
+	for _, element := range elements {
+		element = strings.ToLower(element)
+
+		for _, attr := range spb.propertyNames {
+
+			if _, ok := spb.p.elsAndStyles[element]; !ok {
+				spb.p.elsAndStyles[element] = make(map[string][]stylePolicy)
+			}
+
+			sp := stylePolicy{}
+			if spb.handler != nil {
+				sp.handler = spb.handler
+			} else if len(spb.enum) > 0 {
+				sp.enum = spb.enum
+			} else if spb.regexp != nil {
+				sp.regexp = spb.regexp
+			} else {
+				sp.handler = css.GetDefaultHandler(attr)
+			}
+			spb.p.elsAndStyles[element][attr] = append(spb.p.elsAndStyles[element][attr], sp)
+		}
+	}
+
+	return spb.p
+}
+
+// OnElementsMatching will bind a style policy to any HTML elements matching the pattern
+// and return the updated policy
+func (spb *stylePolicyBuilder) OnElementsMatching(regex *regexp.Regexp) *Policy {
+
+	for _, attr := range spb.propertyNames {
+
+		if _, ok := spb.p.elsMatchingAndStyles[regex]; !ok {
+			spb.p.elsMatchingAndStyles[regex] = make(map[string][]stylePolicy)
+		}
+
+		sp := stylePolicy{}
+		if spb.handler != nil {
+			sp.handler = spb.handler
+		} else if len(spb.enum) > 0 {
+			sp.enum = spb.enum
+		} else if spb.regexp != nil {
+			sp.regexp = spb.regexp
+		} else {
+			sp.handler = css.GetDefaultHandler(attr)
+		}
+		spb.p.elsMatchingAndStyles[regex][attr] = append(spb.p.elsMatchingAndStyles[regex][attr], sp)
+	}
+
+	return spb.p
+}
+
+// Globally will bind a style policy to all HTML elements and return the
+// updated policy
+func (spb *stylePolicyBuilder) Globally() *Policy {
+
+	for _, attr := range spb.propertyNames {
+		if _, ok := spb.p.globalStyles[attr]; !ok {
+			spb.p.globalStyles[attr] = []stylePolicy{}
+		}
+
+		// Use only one strategy for validating styles, fallback to default
+		sp := stylePolicy{}
+		if spb.handler != nil {
+			sp.handler = spb.handler
+		} else if len(spb.enum) > 0 {
+			sp.enum = spb.enum
+		} else if spb.regexp != nil {
+			sp.regexp = spb.regexp
+		} else {
+			sp.handler = css.GetDefaultHandler(attr)
+		}
+		spb.p.globalStyles[attr] = append(spb.p.globalStyles[attr], sp)
+	}
+
+	return spb.p
+}
+
+// AllowElements will append HTML elements to the allowlist without applying an
+// attribute policy to those elements (the elements are permitted
+// sans-attributes)
+func (p *Policy) AllowElements(names ...string) *Policy {
+	p.init()
+
+	for _, element := range names {
+		element = strings.ToLower(element)
+
+		if _, ok := p.elsAndAttrs[element]; !ok {
+			p.elsAndAttrs[element] = make(map[string][]attrPolicy)
+		}
+	}
+
+	return p
+}
+
+// AllowElementsMatching will append HTML elements to the allowlist if they
+// match a regexp.
+func (p *Policy) AllowElementsMatching(regex *regexp.Regexp) *Policy {
+	p.init()
+	if _, ok := p.elsMatchingAndAttrs[regex]; !ok {
+		p.elsMatchingAndAttrs[regex] = make(map[string][]attrPolicy)
+	}
+	return p
+}
+
+// RequireNoFollowOnLinks will result in all a, area, link tags having a
+// rel="nofollow"added to them if one does not already exist
+//
+// Note: This requires p.RequireParseableURLs(true) and will enable it.
+func (p *Policy) RequireNoFollowOnLinks(require bool) *Policy {
+
+	p.requireNoFollow = require
+	p.requireParseableURLs = true
+
+	return p
+}
+
+// RequireNoFollowOnFullyQualifiedLinks will result in all a, area, and link
+// tags that point to a non-local destination (i.e. starts with a protocol and
+// has a host) having a rel="nofollow" added to them if one does not already
+// exist
+//
+// Note: This requires p.RequireParseableURLs(true) and will enable it.
+func (p *Policy) RequireNoFollowOnFullyQualifiedLinks(require bool) *Policy {
+
+	p.requireNoFollowFullyQualifiedLinks = require
+	p.requireParseableURLs = true
+
+	return p
+}
+
+// RequireNoReferrerOnLinks will result in all a, area, and link tags having a
+// rel="noreferrrer" added to them if one does not already exist
+//
+// Note: This requires p.RequireParseableURLs(true) and will enable it.
+func (p *Policy) RequireNoReferrerOnLinks(require bool) *Policy {
+
+	p.requireNoReferrer = require
+	p.requireParseableURLs = true
+
+	return p
+}
+
+// RequireNoReferrerOnFullyQualifiedLinks will result in all a, area, and link
+// tags that point to a non-local destination (i.e. starts with a protocol and
+// has a host) having a rel="noreferrer" added to them if one does not already
+// exist
+//
+// Note: This requires p.RequireParseableURLs(true) and will enable it.
+func (p *Policy) RequireNoReferrerOnFullyQualifiedLinks(require bool) *Policy {
+
+	p.requireNoReferrerFullyQualifiedLinks = require
+	p.requireParseableURLs = true
+
+	return p
+}
+
+// RequireCrossOriginAnonymous will result in all audio, img, link, script, and
+// video tags having a crossorigin="anonymous" added to them if one does not
+// already exist
+func (p *Policy) RequireCrossOriginAnonymous(require bool) *Policy {
+
+	p.requireCrossOriginAnonymous = require
+
+	return p
+}
+
+// AddTargetBlankToFullyQualifiedLinks will result in all a, area and link tags
+// that point to a non-local destination (i.e. starts with a protocol and has a
+// host) having a target="_blank" added to them if one does not already exist
+//
+// Note: This requires p.RequireParseableURLs(true) and will enable it.
+func (p *Policy) AddTargetBlankToFullyQualifiedLinks(require bool) *Policy {
+
+	p.addTargetBlankToFullyQualifiedLinks = require
+	p.requireParseableURLs = true
+
+	return p
+}
+
+// RequireParseableURLs will result in all URLs requiring that they be parseable
+// by "net/url" url.Parse()
+// This applies to:
+// - a.href
+// - area.href
+// - blockquote.cite
+// - img.src
+// - link.href
+// - script.src
+func (p *Policy) RequireParseableURLs(require bool) *Policy {
+
+	p.requireParseableURLs = require
+
+	return p
+}
+
+// AllowRelativeURLs enables RequireParseableURLs and then permits URLs that
+// are parseable, have no schema information and url.IsAbs() returns false
+// This permits local URLs
+func (p *Policy) AllowRelativeURLs(require bool) *Policy {
+
+	p.RequireParseableURLs(true)
+	p.allowRelativeURLs = require
+
+	return p
+}
+
+// AllowURLSchemes will append URL schemes to the allowlist
+// Example: p.AllowURLSchemes("mailto", "http", "https")
+func (p *Policy) AllowURLSchemes(schemes ...string) *Policy {
+	p.init()
+
+	p.RequireParseableURLs(true)
+
+	for _, scheme := range schemes {
+		scheme = strings.ToLower(scheme)
+
+		// Allow all URLs with matching scheme.
+		p.allowURLSchemes[scheme] = nil
+	}
+
+	return p
+}
+
+// AllowURLSchemeWithCustomPolicy will append URL schemes with
+// a custom URL policy to the allowlist.
+// Only the URLs with matching schema and urlPolicy(url)
+// returning true will be allowed.
+func (p *Policy) AllowURLSchemeWithCustomPolicy(
+	scheme string,
+	urlPolicy func(url *url.URL) (allowUrl bool),
+) *Policy {
+
+	p.init()
+
+	p.RequireParseableURLs(true)
+
+	scheme = strings.ToLower(scheme)
+
+	p.allowURLSchemes[scheme] = append(p.allowURLSchemes[scheme], urlPolicy)
+
+	return p
+}
+
+// AddSpaceWhenStrippingTag states whether to add a single space " " when
+// removing tags that are not allowed by the policy.
+//
+// This is useful if you expect to strip tags in dense markup and may lose the
+// value of whitespace.
+//
+// For example: "<p>Hello</p><p>World</p>"" would be sanitized to "HelloWorld"
+// with the default value of false, but you may wish to sanitize this to
+// " Hello  World " by setting AddSpaceWhenStrippingTag to true as this would
+// retain the intent of the text.
+func (p *Policy) AddSpaceWhenStrippingTag(allow bool) *Policy {
+
+	p.addSpaces = allow
+
+	return p
+}
+
+// SkipElementsContent adds the HTML elements whose tags is needed to be removed
+// with its content.
+func (p *Policy) SkipElementsContent(names ...string) *Policy {
+
+	p.init()
+
+	for _, element := range names {
+		element = strings.ToLower(element)
+
+		if _, ok := p.setOfElementsToSkipContent[element]; !ok {
+			p.setOfElementsToSkipContent[element] = struct{}{}
+		}
+	}
+
+	return p
+}
+
+// AllowElementsContent marks the HTML elements whose content should be
+// retained after removing the tag.
+func (p *Policy) AllowElementsContent(names ...string) *Policy {
+
+	p.init()
+
+	for _, element := range names {
+		delete(p.setOfElementsToSkipContent, strings.ToLower(element))
+	}
+
+	return p
+}
+
+// addDefaultElementsWithoutAttrs adds the HTML elements that we know are valid
+// without any attributes to an internal map.
+// i.e. we know that <table> is valid, but <bdo> isn't valid as the "dir" attr
+// is mandatory
+func (p *Policy) addDefaultElementsWithoutAttrs() {
+	p.init()
+
+	p.setOfElementsAllowedWithoutAttrs["abbr"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["acronym"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["address"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["article"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["aside"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["audio"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["b"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["bdi"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["blockquote"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["body"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["br"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["button"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["canvas"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["caption"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["center"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["cite"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["code"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["col"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["colgroup"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["datalist"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["dd"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["del"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["details"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["dfn"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["div"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["dl"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["dt"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["em"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["fieldset"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["figcaption"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["figure"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["footer"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["h1"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["h2"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["h3"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["h4"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["h5"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["h6"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["head"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["header"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["hgroup"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["hr"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["html"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["i"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["ins"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["kbd"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["li"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["mark"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["marquee"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["nav"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["ol"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["optgroup"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["option"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["p"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["pre"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["q"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["rp"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["rt"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["ruby"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["s"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["samp"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["script"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["section"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["select"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["small"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["span"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["strike"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["strong"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["style"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["sub"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["summary"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["sup"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["svg"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["table"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["tbody"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["td"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["textarea"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["tfoot"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["th"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["thead"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["title"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["time"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["tr"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["tt"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["u"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["ul"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["var"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["video"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["wbr"] = struct{}{}
+
+}
+
+// addDefaultSkipElementContent adds the HTML elements that we should skip
+// rendering the character content of, if the element itself is not allowed.
+// This is all character data that the end user would not normally see.
+// i.e. if we exclude a <script> tag then we shouldn't render the JavaScript or
+// anything else until we encounter the closing </script> tag.
+func (p *Policy) addDefaultSkipElementContent() {
+	p.init()
+
+	p.setOfElementsToSkipContent["frame"] = struct{}{}
+	p.setOfElementsToSkipContent["frameset"] = struct{}{}
+	p.setOfElementsToSkipContent["iframe"] = struct{}{}
+	p.setOfElementsToSkipContent["noembed"] = struct{}{}
+	p.setOfElementsToSkipContent["noframes"] = struct{}{}
+	p.setOfElementsToSkipContent["noscript"] = struct{}{}
+	p.setOfElementsToSkipContent["nostyle"] = struct{}{}
+	p.setOfElementsToSkipContent["object"] = struct{}{}
+	p.setOfElementsToSkipContent["script"] = struct{}{}
+	p.setOfElementsToSkipContent["style"] = struct{}{}
+	p.setOfElementsToSkipContent["title"] = struct{}{}
+}