From fa66648e7c22601e1586c9e25215119a3d2f09e7 Mon Sep 17 00:00:00 2001
From: Zack Scholl <zack.scholl@gmail.com>
Date: Sat, 13 Feb 2016 23:10:34 -0500
Subject: [PATCH] Bluemonday onto lists too

Former-commit-id: 4988450f045d0ec49825027b0a65ded8a01c0ef8 [formerly 4ebc8adf84d82b208853620fa527dcbb57090cb2] [formerly aecf8096ddf3e1cd81c019d6956cc9b3d6a60b84 [formerly 041f0336c1847a715560b5610cbfcbda2203e971 [formerly 2e9549e735098b7aa0c873d2d35558a1e6f30610]]]
Former-commit-id: fe758d90425821157c44bebf7fa14de330b83b51 [formerly 1571aab7d0bc0b5c2e87bfe17702cc75ae681462]
Former-commit-id: fd6052e2ecadf09c7512dc80265cb7b3b7e92f7a
Former-commit-id: 32d06f199b1ff70536e69639023dd0c600862c58
---
 routes.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/routes.go b/routes.go
index 27f5db1..18b5471 100644
--- a/routes.go
+++ b/routes.go
@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"fmt"
 
 	"github.com/boltdb/bolt"
 	"github.com/gin-gonic/gin"
@@ -197,8 +198,18 @@ func renderList(c *gin.Context, title string) {
 		panic(err)
 	}
 
-	listItems, _ := reorderList(p.CurrentText)
-
+	fmt.Println(p.CurrentText)
+	pClean := bluemonday.UGCPolicy()
+	pClean.AllowElements("img")
+	pClean.AllowAttrs("alt").OnElements("img")
+	pClean.AllowAttrs("src").OnElements("img")
+	pClean.AllowAttrs("class").OnElements("a")
+	pClean.AllowAttrs("href").OnElements("a")
+	pClean.AllowAttrs("id").OnElements("a")
+	pClean.AllowDataURIImages()
+	text := pClean.SanitizeBytes([]byte(p.CurrentText))
+	listItems, _ := reorderList(string(text))
+	fmt.Println(string(text))
 	c.HTML(http.StatusOK, "list.tmpl", gin.H{
 		"Title":     title,
 		"WikiName":  RuntimeArgs.WikiName,