replace zxq.co/ripple/hanayo

vendor/github.com/microcosm-cc/bluemonday/cmd/sanitise_ugc/doc.go

@@ -0,0 +1,13 @@
+/*
+Package main demonstrates a simple user generated content sanitizer.
+
+This is the configuration I use on the sites that I run, it allows a lot of safe
+HTML that in my case comes from the blackfriday markdown package. As markdown
+itself allows HTML the UGCPolicy includes most common HTML.
+
+CSS and JavaScript is excluded (not white-listed), as are form elements and most
+embedded media that isn't just an image or image map.
+
+As I'm paranoid, I also do not allow data-uri images and embeds.
+*/
+package main

vendor/github.com/microcosm-cc/bluemonday/cmd/sanitise_ugc/main.go

@@ -0,0 +1,37 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+
+	"github.com/microcosm-cc/bluemonday"
+)
+
+func main() {
+	// Define a policy, we are using the UGC policy as a base.
+	p := bluemonday.UGCPolicy()
+
+	// Add "rel=nofollow" to links
+	p.RequireNoFollowOnLinks(true)
+	p.RequireNoFollowOnFullyQualifiedLinks(true)
+
+	// Open external links in a new window/tab
+	p.AddTargetBlankToFullyQualifiedLinks(true)
+
+	// Read input from stdin so that this is a nice unix utility and can receive
+	// piped input
+	dirty, err := ioutil.ReadAll(os.Stdin)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Apply the policy and write to stdout
+	fmt.Fprint(
+		os.Stdout,
+		p.Sanitize(
+			string(dirty),
+		),
+	)
+}