From c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25 Mon Sep 17 00:00:00 2001
From: aichy126 <16996097+aichy126@users.noreply.github.com>
Date: Fri, 10 Mar 2023 15:20:45 +0800
Subject: [PATCH] update markdown xss

---
 pkg/converter/markdown.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/converter/markdown.go b/pkg/converter/markdown.go
index b1e2a4185..f6e76c450 100644
--- a/pkg/converter/markdown.go
+++ b/pkg/converter/markdown.go
@@ -32,7 +32,10 @@ func Markdown2HTML(source string) string {
 log.Error(err)
 return source
 }
- return buf.String()
+ html := buf.String()
+ filter := bluemonday.NewPolicy()
+ html = filter.Sanitize(html)
+ return html
 }
 
 // Markdown2BasicHTML convert markdown to html ,Only basic syntax can be used
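Review bot: The error branch directly above the added lines still does `return source`, so when conversion fails the raw input is returned without passing through the new filter. If callers render the result as HTML, that path should be neutralised as well, for example `return bluemonday.StrictPolicy().Sanitize(source)`. Separately, `bluemonday.NewPolicy()` yields an empty allowlist, so `filter.Sanitize(html)` strips every element the converter just produced. If formatted output is intended, start from `bluemonday.UGCPolicy()` or add explicit `AllowElements`/`AllowAttrs` calls, and build the policy once at package level rather than on every call. The beginning of Markdown2HTML lies outside the hunk, so how `buf` is populated and which converter options apply cannot be checked from here.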