From 2e9549e735098b7aa0c873d2d35558a1e6f30610 Mon Sep 17 00:00:00 2001
From: Zack Scholl <zack.scholl@gmail.com>
Date: Sat, 13 Feb 2016 23:10:34 -0500
Subject: [PATCH] Bluemonday onto lists too

---
 routes.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/routes.go b/routes.go
index 27f5db1..18b5471 100644
--- a/routes.go
+++ b/routes.go
@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"fmt"
 
 	"github.com/boltdb/bolt"
 	"github.com/gin-gonic/gin"
@@ -197,8 +198,18 @@ func renderList(c *gin.Context, title string) {
 		panic(err)
 	}
 
-	listItems, _ := reorderList(p.CurrentText)
-
+	fmt.Println(p.CurrentText)
+	pClean := bluemonday.UGCPolicy()
+	pClean.AllowElements("img")
+	pClean.AllowAttrs("alt").OnElements("img")
+	pClean.AllowAttrs("src").OnElements("img")
+	pClean.AllowAttrs("class").OnElements("a")
+	pClean.AllowAttrs("href").OnElements("a")
+	pClean.AllowAttrs("id").OnElements("a")
+	pClean.AllowDataURIImages()
+	text := pClean.SanitizeBytes([]byte(p.CurrentText))
+	listItems, _ := reorderList(string(text))
+	fmt.Println(string(text))
 	c.HTML(http.StatusOK, "list.tmpl", gin.H{
 		"Title":     title,
 		"WikiName":  RuntimeArgs.WikiName,