Closed prologic closed 4 years ago
The readme has a section on links that shows you how to approach this: https://github.com/microcosm-cc/bluemonday#links

```go
p.AllowAttrs("href").Matching(regexp.MustCompile(`(?i)mailto|https?`)).OnElements("a")
```

But bear in mind that you will have to create your own policy rather than use the built-in policies, as those would permit all safe IMG src values already. Additionally, read the warning on the readme: by applying your own regex there is a risk that you are not handling URI encoding that could be exploited... If your knowledge of valid URIs is comprehensive you should be able to safely craft a regexp to match those.
Thank you! I somehow missed that on the README (sorry!) 🙇‍♂️
Say I want to allow `img` elements, but filter the `src`(s) so only some domains/patterns of image sources are allowed? How would I go about this?
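An added example, not part of the thread and not bluemonday's own code: it compares an unanchored host pattern with an anchored one of the kind you would pass to `Matching(...)` for `AllowAttrs("src").OnElements("img")`, and cross-checks both against a decision made from the parsed URL. The host names, `imageHosts`, `looseSrc`, `strictSrc` and `allowedImageSrc` are hypothetical, and only the Go standard library is used so that it runs without bluemonday installed.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Hypothetical allowlist of image hosts (an assumption, not from the thread).
var imageHosts = map[string]bool{"img.example.com": true, "cdn.example.org": true}

// looseSrc is unanchored, as is the href pattern quoted above: it matches
// anywhere inside the attribute value.
var looseSrc = regexp.MustCompile(`(?i)https://img\.example\.com`)

// strictSrc anchors both ends, so an allowed host must be followed by "/" or
// by the end of the value. This is the shape to hand to Matching(...).
var strictSrc = regexp.MustCompile(`(?i)^https://(?:img\.example\.com|cdn\.example\.org)(?:/\S*)?$`)

// allowedImageSrc makes the decision from the parsed URL instead of the raw
// string: https only, no userinfo, no explicit port, host on the allowlist.
func allowedImageSrc(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.User != nil || u.Port() != "" {
		return false
	}
	return imageHosts[strings.ToLower(u.Hostname())]
}

// Constructed sample src values for illustration.
var samples = []string{
	"https://img.example.com/a.png",
	"https://img.example.com.evil.test/a.png",
	"https://evil.test/?next=https://img.example.com/a.png",
	"https://img.example.com@evil.test/a.png",
	"http://img.example.com/a.png",
	"//img.example.com/a.png",
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-55s loose=%-5v strict=%-5v parsed=%v\n",
			s, looseSrc.MatchString(s), strictSrc.MatchString(s), allowedImageSrc(s))
	}
}
```

Only the first sample passes the anchored pattern and the parsed check, while the unanchored pattern also accepts the next three.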