Open Sakibs opened 6 years ago
How are you using this?
Policy creation is not thread safe, and you should create the policy at startup (or guaranteed just once if you lazy create it later).
Sanitization is thread safe and once a policy has been created you can use it across multiple goroutines safely assuming you are not modifying the policy.
I have it at a package level global variable. I then just use it in a function
package mypkg
var (
// https://godoc.org/github.com/microcosm-cc/bluemonday#StrictPolicy
strictPolicy = bluemonday.StrictPolicy()
// https://godoc.org/github.com/microcosm-cc/bluemonday#UGCPolicy
ugcPolicy = bluemonday.UGCPolicy()
)
func sanitizeComment(body string) string {
// allow <span> tag styles
ugcPolicy.AllowAttrs("style").OnElements("span") // *** PANICS HERE ***
result := ugcPolicy.Sanitize(body)
return result
}
Yup, it is the modifying of the policy that isn't thread safe.
I'll drop an example in here once I'm at work.
Huh.
We use bluemonday in our golang service and under high load and traffic we are noticing the error below fatal error: concurrent map writes