Optimize HTML sanitization (pkg/xss) profile loading (mem leaking)

cortezaproject · Apr 15, 2022 · 2711b02 · 2711b02
1 parent 2653c38
commit 2711b02
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/pkg/xss/rich_text.go b/pkg/xss/rich_text.go
@@ -7,10 +7,13 @@ import (
 	"github.com/microcosm-cc/bluemonday"
 )
 
-// RichText assures safe HTML content
-func RichText(in string) string {
+var (
+	p *bluemonday.Policy
+)
+
+func init() {
 	// use standard html escaping policy
-	p := bluemonday.UGCPolicy()
+	p = bluemonday.UGCPolicy()
 
 	// match only colors for html editor elements on style attr
 	p.AllowAttrs("style").OnElements("span", "p")
@@ -30,7 +33,10 @@ func RichText(in string) string {
 	// some link specifics we need; allow target but assure safety
 	p.AllowAttrs("target").OnElements("a")
 	p.AddTargetBlankToFullyQualifiedLinks(false)
+}
 
+// RichText assures safe HTML content
+func RichText(in string) string {
 	sanitized := p.Sanitize(in)
 
 	// handle escaped strings and unescape them