When processing markdown content, always verify what sanitization your chosen markdown library provides to prevent XSS vulnerabilities while avoiding redundant security measures. Some libraries like github_flavored_markdown include built-in sanitization, while others like blackfriday require explicit sanitization of their output.
Before adding sanitization calls, check the library documentation to understand its security features. For libraries without built-in sanitization:
// blackfriday (v1, github.com/russross/blackfriday) emits raw HTML, including any inline HTML from the input,
// so its output must be sanitized (here with github.com/microcosm-cc/bluemonday) before it is served
body := blackfriday.MarkdownCommon(input) // []byte of untrusted HTML; no string round-trip needed
sanitized := bluemonday.UGCPolicy().SanitizeBytes(body)
For libraries with built-in sanitization, avoid double-sanitization:
// github_flavored_markdown (github.com/shurcooL/github_flavored_markdown, imported as gfm)
// already sanitizes its output - no additional sanitization needed
body := string(gfm.Markdown(input))
This prevents both security gaps from missing sanitization and performance issues from redundant sanitization calls.
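As an added example (not code from the page or from either library), here is a regression check in Go that feeds a handful of constructed XSS probes through whatever render function a service uses and reports any active content that survives as markup. It is the concrete form of "verify what sanitization your library provides": run it once against the real pipeline and keep it in the test suite so a dropped sanitization step fails CI. The Renderer type, the probe list, the regular expressions and the two stand-in renderers (passthrough and escapeAll) are assumptions made for this example; in a real service the Renderer wraps blackfriday plus bluemonday, or gfm.Markdown on its own.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

// Renderer turns untrusted markdown into HTML ready to serve. In a real
// service this wraps the chosen library, for example (assumed wiring, not
// executed in this example):
//   func(b []byte) []byte { return bluemonday.UGCPolicy().SanitizeBytes(blackfriday.MarkdownCommon(b)) }
//   func(b []byte) []byte { return gfm.Markdown(b) }
type Renderer func(markdown []byte) []byte

// probes are constructed inputs that a correctly sanitized pipeline must
// neutralize: an inline script, an event-handler attribute, and a
// javascript: URL written both as markdown and as raw HTML.
var probes = []string{
	"<script>alert(1)</script>",
	"<img src=x onerror=alert(1)>",
	"[click](javascript:alert(1))",
	`<a href="javascript:alert(1)">x</a>`,
}

// Tag-context patterns: only constructs that survive as markup are flagged,
// so escaped text such as "&lt;script&gt;" is correctly ignored.
var (
	tagRe     = regexp.MustCompile(`(?is)<([a-z][a-z0-9]*)\b([^>]*)>`)
	handlerRe = regexp.MustCompile(`(?i)\bon[a-z]+\s*=`)
	jsURLRe   = regexp.MustCompile(`(?i)\b(?:href|src)\s*=\s*["']?\s*javascript:`)
)

// inspect lists the active content left in rendered HTML.
func inspect(out []byte) []string {
	var bad []string
	for _, m := range tagRe.FindAllSubmatch(out, -1) {
		name, attrs := strings.ToLower(string(m[1])), m[2]
		switch {
		case name == "script":
			bad = append(bad, "<script> element survived")
		case handlerRe.Match(attrs):
			bad = append(bad, "event handler attribute survived on <"+name+">")
		case jsURLRe.Match(attrs):
			bad = append(bad, "javascript: URL survived on <"+name+">")
		}
	}
	return bad
}

// VerifySanitized runs every probe through r and returns one finding per
// dangerous construct that survives. An empty result means the renderer
// (library plus any explicit sanitizer) neutralized all probes; a non-empty
// result is the signal that a sanitization step is missing.
func VerifySanitized(r Renderer) []string {
	var findings []string
	for _, p := range probes {
		for _, b := range inspect(r([]byte(p))) {
			findings = append(findings, fmt.Sprintf("probe %q: %s", p, b))
		}
	}
	return findings
}

// passthrough stands in for a renderer that emits inline HTML unchanged,
// which is what an unsanitized blackfriday pipeline does.
func passthrough(md []byte) []byte { return md }

// escapeAll stands in for a sanitizing step by HTML-escaping everything.
// It is deliberately crude (it keeps no markup at all); a real pipeline
// uses bluemonday or the library's built-in sanitizer instead.
func escapeAll(md []byte) []byte { return []byte(html.EscapeString(string(md))) }

func main() {
	pipelines := []struct {
		name string
		r    Renderer
	}{
		{"passthrough (no sanitization)", passthrough},
		{"escapeAll (stand-in sanitizer)", escapeAll},
	}
	for _, p := range pipelines {
		findings := VerifySanitized(p.r)
		fmt.Printf("%s: %d findings\n", p.name, len(findings))
		for _, f := range findings {
			fmt.Println("  ", f)
		}
	}
}
```

The check inspects tag context rather than searching the output for substrings, which is what keeps it from flagging escaped text; against the passthrough stand-in it reports three surviving constructs (the markdown-link probe only becomes dangerous once a real renderer turns it into an anchor), and against the stand-in sanitizer it reports none.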