From 7d97f2ac31d2a932c25363f0677ec94b48f28bac Mon Sep 17 00:00:00 2001
From: oppiliappan
Date: Sat, 16 Aug 2025 22:42:39 +0100
Subject: [PATCH] appview/pages/markup: add `description` filter
Change-Id: kwlnxumxxkxvyrsvvpuypsqpswxswxol

this sanitizer only renders a tiny subset of markdown, to be used in inline elements like PR titles and repo descriptions etc.

Signed-off-by: oppiliappan
---
 appview/pages/funcmap.go | 7 ++++++-
 appview/pages/markup/markdown.go | 6 +++++-
 appview/pages/markup/sanitizer.go | 29 +++++++++++++++++++++++++++--
 3 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/appview/pages/funcmap.go b/appview/pages/funcmap.go
index f719a11b..6c532c47 100644
--- a/appview/pages/funcmap.go
+++ b/appview/pages/funcmap.go
@@ -206,13 +206,18 @@ func (p *Pages) funcMap() template.FuncMap {
 }
 return v.Slice(0, min(n, v.Len())).Interface()
 },
-
 "markdown": func(text string) template.HTML {
 p.rctx.RendererType = markup.RendererTypeDefault
 htmlString := p.rctx.RenderMarkdown(text)
 sanitized := p.rctx.SanitizeDefault(htmlString)
 return template.HTML(sanitized)
 },
+ "description": func(text string) template.HTML {
+ p.rctx.RendererType = markup.RendererTypeDefault
+ htmlString := p.rctx.RenderMarkdown(text)
+ sanitized := p.rctx.SanitizeDescription(htmlString)
+ return template.HTML(sanitized)
+ },
 "isNil": func(t any) bool {
 // returns false for other "zero" values
 return t == nil
diff --git a/appview/pages/markup/markdown.go b/appview/pages/markup/markdown.go
index 6d39b131..15d02da8 100644
--- a/appview/pages/markup/markdown.go
+++ b/appview/pages/markup/markdown.go
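Review bot: The new `"description"` entry returns `template.HTML`, which turns off html/template's escaping for that value, so everything rendered through the filter depends on `SanitizeDescription` alone and nothing at the call site records that. A comment above the closure would help, for example `// output is trusted as HTML; descriptionPolicy is the only barrier between user text and the page`. The closure also assigns `p.rctx.RendererType` on the shared render context on every call, as `"markdown"` does; if pages can be rendered concurrently that is an unsynchronised write, which is worth confirming. funcMap's body starts and ends outside the hunk.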
@@ -161,7 +161,11 @@ func visitNode(ctx *RenderContext, node *htmlparse.Node) {
 }
 
 func (rctx *RenderContext) SanitizeDefault(html string) string {
- return rctx.Sanitizer.defaultPolicy.Sanitize(html)
+ return rctx.Sanitizer.SanitizeDefault(html)
+}
+
+func (rctx *RenderContext) SanitizeDescription(html string) string {
+ return rctx.Sanitizer.SanitizeDescription(html)
 }
 
 type MarkdownTransformer struct {
diff --git a/appview/pages/markup/sanitizer.go b/appview/pages/markup/sanitizer.go
index 4fb92c37..c77af66d 100644
--- a/appview/pages/markup/sanitizer.go
+++ b/appview/pages/markup/sanitizer.go
@@ -11,15 +11,24 @@ import (
 )
 
 type Sanitizer struct {
- defaultPolicy *bluemonday.Policy
+ defaultPolicy *bluemonday.Policy
+ descriptionPolicy *bluemonday.Policy
 }
 
 func NewSanitizer() Sanitizer {
 return Sanitizer{
- defaultPolicy: defaultPolicy(),
+ defaultPolicy: defaultPolicy(),
+ descriptionPolicy: descriptionPolicy(),
 }
 }
 
+func (s *Sanitizer) SanitizeDefault(html string) string {
+ return s.defaultPolicy.Sanitize(html)
+}
+func (s *Sanitizer) SanitizeDescription(html string) string {
+ return s.descriptionPolicy.Sanitize(html)
+}
+
 func defaultPolicy() *bluemonday.Policy {
 policy := bluemonday.UGCPolicy()
 
@@ -90,3 +99,19 @@ func defaultPolicy() *bluemonday.Policy {
 
 return policy
 }
+
+func descriptionPolicy() *bluemonday.Policy {
+ policy := bluemonday.NewPolicy()
+ policy.AllowStandardURLs()
+
+ // allow italics and bold.
+ policy.AllowElements("i", "b", "em", "strong")
+
+ // allow code.
+ policy.AllowElements("code")
+
+ // allow links
+ policy.AllowAttrs("href", "target", "rel").OnElements("a")
+
+ return policy
+}
-- 
2.43.0
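Review bot: The exported `SanitizeDescription` added in markdown.go has no doc comment, and neither do `Sanitizer.SanitizeDefault` and `Sanitizer.SanitizeDescription` in the first sanitizer.go hunk, so a reader cannot tell which policy is meant for which output context. A line on each would record it, for example `// SanitizeDescription sanitizes html with the inline-only policy (emphasis, code, links) used for titles and descriptions.` The two methods in sanitizer.go are also missing the blank line between them. Both dereference a policy pointer that is set only in `NewSanitizer`, so a `Sanitizer` built as a zero value would presumably panic on first use; the type's comment should say that it must come from `NewSanitizer`.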
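Review bot: `policy.AllowAttrs("href", "target", "rel").OnElements("a")` in `descriptionPolicy` passes author-supplied `target` and `rel` values through unchanged, so a link in a repo description or PR title could pair `target="_blank"` with `rel="opener"` and give the opened page a handle on this one. That only applies if raw HTML in the markdown reaches the sanitizer, which depends on renderer configuration outside this diff. Unless user-chosen targets are needed, allow only the URL with `policy.AllowAttrs("href").OnElements("a")` and let the policy set `rel` itself. `AllowStandardURLs()` already requires `nofollow`, and `policy.RequireNoReferrerOnLinks(true)` can be added next to it. A unit test that passes an anchor carrying those attributes through `SanitizeDescription` would pin the behaviour.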