author | Unknwon <u@gogs.io> | 2017-03-31 16:19:10 -0400 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2017-03-31 16:19:10 -0400 |
commit | 761bb3cf53960485921ad045bae5a79340d66f97 (patch) | |
tree | 7f8e475e64cbd9ba6f485891092478cba028c96c /modules/template | |
parent | c1c269d9ef50595475cf4c6728d9b20a6417c490 (diff) |
modules/markup: protect sanitizer from possible modification
Only expose public APIs for 'Sanitize' and 'SanitizeBytes' to
eliminate unintentional modifications to sanitizer policy. Also
use 'sync.Once' to make sure multiple calls of 'NewSanitizer' are
safe (this should never happen, but it is a better way).
Diffstat (limited to 'modules/template')
-rw-r--r-- | modules/template/template.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/template/template.go b/modules/template/template.go
index 0bd5fa3f..faae266b 100644
--- a/modules/template/template.go
+++ b/modules/template/template.go
@@ -125,7 +125,7 @@ func Safe(raw string) template.HTML {
 }
 
 func Str2html(raw string) template.HTML {
- return template.HTML(markup.Sanitizer.Sanitize(raw))
+ return template.HTML(markup.Sanitize(raw))
 }
 
 func List(l *list.List) chan interface{} {
|
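Review bot: Str2html is exported without a doc comment, and its `template.HTML(...)` conversion tells html/template to emit the string unescaped, so `markup.Sanitize` is the only control between `raw` and the rendered page. I would add `// Str2html sanitizes raw with the shared markup policy and returns it as template.HTML, which html/template renders without escaping.` above the function. How `markup.Sanitize` behaves when the policy has not yet been built by `NewSanitizer` is not visible in this diff, which is limited to modules/template. It is worth confirming that this path fails closed rather than returning `raw` unchanged.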