From ee6786216a608fca2de322c90c7256577f2a500a Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Fri, 30 Jan 2015 18:12:30 -0500
Subject: modules/base: clean code with #838

---
 modules/base/tool.go | 30 +++--------------------------
 1 file changed, 3 insertions(+), 27 deletions(-)

(limited to 'modules/base/tool.go')

diff --git a/modules/base/tool.go b/modules/base/tool.go
index ff5a4f4c..5043364c 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -15,17 +15,19 @@ import (
 	"hash"
 	"html/template"
 	"math"
-	"regexp"
 	"strings"
 	"time"
 
 	"github.com/Unknwon/com"
 	"github.com/Unknwon/i18n"
+	"github.com/microcosm-cc/bluemonday"
 
 	"github.com/gogits/gogs/modules/avatar"
 	"github.com/gogits/gogs/modules/setting"
 )
 
+var Sanitizer = bluemonday.UGCPolicy()
+
 // Encode string to md5 hex value.
 func EncodeMd5(str string) string {
 	m := md5.New()
@@ -473,29 +475,3 @@ func DateFormat(t time.Time, format string) string {
 	format = replacer.Replace(format)
 	return t.Format(format)
 }
-
-type xssFilter struct {
-	reg  *regexp.Regexp
-	repl []byte
-}
-
-var (
-	whiteSpace = []byte(" ")
-	xssFilters = []xssFilter{
-		{regexp.MustCompile(`\ [ONon]\w*=["]*`), whiteSpace},
-		{regexp.MustCompile(`<[SCRIPTscript]{6}`), whiteSpace},
-		{regexp.MustCompile(`=[` + "`" + `'"]*[JAVASCRIPTjavascript \t\0 ]*:`), whiteSpace},
-	}
-)
-
-// XSS goes through all the XSS filters to make user input content as safe as possible.
-func XSS(in []byte) []byte {
-	for _, filter := range xssFilters {
-		in = filter.reg.ReplaceAll(in, filter.repl)
-	}
-	return in
-}
-
-func XSSString(in string) string {
-	return string(XSS([]byte(in)))
-}
-- 
cgit v1.2.3
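Review bot: The new exported package-level `Sanitizer` in the first hunk has no doc comment, and since it is a plain mutable `var` holding a bluemonday policy, nothing states who may configure it or when. A comment such as `// Sanitizer is the shared allow-list HTML policy (bluemonday UGC) applied to user-generated content; it must not be modified after package init.` would record that contract for the callers that now replace the removed regexp-based `XSS`/`XSSString` helpers. Switching from blocklist regexes to an allow-list sanitizer is the right direction, but the hunk only defines the policy — whether every former `XSS`/`XSSString` call site now routes through `Sanitizer.Sanitize`/`SanitizeBytes` cannot be seen here and is worth confirming in the rest of the commit.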