diff --git a/README.md b/README.md
index 7ba332d..365178f 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ All previous versions of all notes are stored and can be accessed by adding `?ve
 ## Security
-Now comes with HTTPS!
+HTTPS support is provided. Also uses a HTML sanitizer to prevent XSS attacks.
 ## Keyboard Shortcuts
@@ -32,7 +32,11 @@ Quickly transition between Edit/View/List by using `Ctl+Shift+E` to Edit, `Ctl+S
 The Admin can view/delete all the documents by setting the `-a YourAdminKey` when starting the program. Then the admin has access to the `/ls/YourAdminKey` to view and delete any of the pages.
 # Install
-To get started on your local network just do:
+
+
+First [install Go](https://golang.org/doc/install).
+
+Then, if you want to host on your local network just do:
 ```
 git clone https://github.com/schollz/awwkoala.git
@@ -44,7 +48,7 @@ make
 and then goto the address `http://LOCALIPADDRESS:8001/`
 ## Production server
-I recommend using `NGINX` as middleware, as it will do caching of the static files for you. There is an example `NGINX` block in `install/`. To automatically install, on Raspberry Pi / Ubuntu / Debian system use:
+I recommend using `NGINX` as middleware, as it will do caching of the static files for you. There is an example `NGINX` block in `install/`. If you want to use SSL instead, follow the instructions in `letsencrypt/README.md`. To automatically install, on Raspberry Pi / Ubuntu / Debian system use:
 ```
 git clone https://github.com/schollz/awwkoala.git
diff --git a/letsencrypt/awwkoala.ssl.nginx b/letsencrypt/awwkoala.ssl.nginx
index 90efeb5..ca59024 100644
--- a/letsencrypt/awwkoala.ssl.nginx
+++ b/letsencrypt/awwkoala.ssl.nginx
@@ -8,7 +8,7 @@ server { # SERVER BLOCK FOR ADDRESS listen 443 ssl; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_certificate /etc/letsencrypt/live/ADDRESS/cert.pem; + ssl_certificate /etc/letsencrypt/live/ADDRESS/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ADDRESS/privkey.pem; access_log /etc/nginx/logs/access-ADDRESS.log; diff --git a/routes.go b/routes.go index 27f5db1..18b5471 100644 --- a/routes.go +++ b/routes.go @@ -9,6 +9,7 @@ import ( "strconv" "strings" "time" + "fmt" "github.com/boltdb/bolt" "github.com/gin-gonic/gin" @@ -197,8 +198,18 @@ func renderList(c *gin.Context, title string) { panic(err) } - listItems, _ := reorderList(p.CurrentText) - + fmt.Println(p.CurrentText) + pClean := bluemonday.UGCPolicy() + pClean.AllowElements("img") + pClean.AllowAttrs("alt").OnElements("img") + pClean.AllowAttrs("src").OnElements("img") + pClean.AllowAttrs("class").OnElements("a") + pClean.AllowAttrs("href").OnElements("a") + pClean.AllowAttrs("id").OnElements("a") + pClean.AllowDataURIImages() + text := pClean.SanitizeBytes([]byte(p.CurrentText)) + listItems, _ := reorderList(string(text)) + fmt.Println(string(text)) c.HTML(http.StatusOK, "list.tmpl", gin.H{ "Title": title, "WikiName": RuntimeArgs.WikiName,
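Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line two lines above the changed certificate directive still enables TLS 1.0 and 1.1, which are deprecated and which this hunk leaves in place; unless legacy clients must be supported, change it to `ssl_protocols TLSv1.2;` (add `TLSv1.3` if the nginx/OpenSSL build supports it). The switch from cert.pem to fullchain.pem itself is correct, since clients need the intermediate certificate to validate the chain. The enclosing `server {` block begins above the hunk, so any `ssl_ciphers` or `ssl_prefer_server_ciphers` settings it may carry are not visible here.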
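Review bot: `"fmt"` is inserted after `"time"`, which breaks the sorted order gofmt/goimports keep within the standard-library group; move it to the head of that group (before `"strconv"`, or earlier still if the import lines above the hunk hold names that sort before it). Judging by the renderList hunk later in this diff, the only consumers of the new import are two `fmt.Println` calls that write the raw and the sanitized document text to stdout on every list render, so every note's full contents would land in the process log; if these are leftover debug prints, drop them together with this import, and if a log line is wanted, record the page name or the text length rather than the body. The rest of the import block begins above the hunk.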