From 761bb3cf53960485921ad045bae5a79340d66f97 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Fri, 31 Mar 2017 16:19:10 -0400
Subject: modules/markup: protect sanitizer from possible modification

Only expose public APIs for 'Sanitize' and 'SanitizeBytes' to eliminate unintentional modifications to sanitizer policy. Also use 'sync.Once' to make sure multiple calls of 'NewSanitizer' is safe (although should never happen, but this is a better way).
---
 modules/template/template.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/template/template.go')

diff --git a/modules/template/template.go b/modules/template/template.go
index 0bd5fa3f..faae266b 100644
--- a/modules/template/template.go
+++ b/modules/template/template.go
@@ -125,7 +125,7 @@ func Safe(raw string) template.HTML {
 }
 
 func Str2html(raw string) template.HTML {
- return template.HTML(markup.Sanitizer.Sanitize(raw))
+ return template.HTML(markup.Sanitize(raw))
 }
 
 func List(l *list.List) chan interface{} {
-- 
cgit v1.2.3
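Review bot: `Str2html` on the new side is exported and wraps its result in `template.HTML`, which html/template emits without further escaping, yet it carries no doc comment stating that the sanitizer policy is the only filter on that path. I would add `// Str2html sanitizes raw with the markup package's policy and returns the result as template.HTML, which html/template does not escape again.` directly above the function. The markup package is not shown in this patch, so it is also worth confirming that `markup.Sanitize` fails safely if it is reached before `NewSanitizer` has run (the commit message suggests the policy is built there) instead of operating on an unset policy.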