microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License

Is Sanitize* safe to use by multiple goroutines #72

Closed powerman closed 6 years ago

powerman commented 6 years ago

At a glance it looks like there is no reason to create a new policy per each sanitized value (well, it's per goroutine, but in practice this often means per each value); after initial policy setup it should be safe to use by multiple goroutines, but the doc doesn't mention this (which applies the default meaning: not safe). So, if it's safe, please document this.

buro9 commented 6 years ago

This is the way it should be used.

A policy is not safe to be used whilst it is being defined (there is no protection around some of the maps for example), but once it has been constructed it is safe to be used by multiple goroutines that apply the same policy.

In my programs I set up a couple of policies during program init and then use them for the life of the program across many goroutines.

buro9 commented 6 years ago

I've updated the example usage code to include clarifying comments.
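
The contract described in this thread (build the policy on one goroutine, then share it read-only), as an added example that is not bluemonday's code or part of the original issue. The `policy` type, its `allow`/`permits` methods and the `ugc` variable are hypothetical stand-ins that model an allowlist held in an unprotected map; only the standard library is used.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// policy is a hypothetical stand-in for a sanitizer policy: an allowlist
// kept in a plain map with no locking around it.
type policy struct{ attrs map[string]bool } // key: "element attribute"

// allow writes to the map, so it may only run during single-goroutine setup.
func (p *policy) allow(elem string, attrs ...string) *policy {
	for _, a := range attrs {
		p.attrs[elem+" "+a] = true
	}
	return p
}

// permits only reads the map; concurrent map reads are safe in Go as long
// as no goroutine writes at the same time.
func (p *policy) permits(elem, attr string) bool { return p.attrs[elem+" "+attr] }

// ugc is built once at package initialisation, before any goroutine that
// uses it exists, and is never modified afterwards.
var ugc = (&policy{attrs: map[string]bool{}}).
	allow("a", "href", "title").
	allow("img", "src", "alt")

// checkConcurrently shares the single policy across n goroutines and returns
// how many of them got the expected decisions.
func checkConcurrently(n int) int {
	var wg sync.WaitGroup
	var ok int64
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if ugc.permits("a", "href") && !ugc.permits("a", "onblur") {
				atomic.AddInt64(&ok, 1)
			}
		}()
	}
	wg.Wait()
	return int(ok)
}

func main() { fmt.Println(checkConcurrently(64), "of 64 goroutines agreed") }
```

Calling `allow` from one goroutine while others call `permits` would be a data race on the map, which Go's race detector (`go run -race`) reports.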