fix: add nosec directive for intentional HTML conversion

rss email digests over ssh because you're a cool kid herald.dunkirk.sh

go rss rss-reader ssh charm

Adds #nosec G203 comment to suppress gosec warning about
htmltemplate.HTML conversion. This is safe because the content
is sanitized by bluemonday.UGCPolicy() before conversion, which
removes all unsafe HTML tags, attributes, and scripts.

Claude 2 months ago 182a94c8 b1c4239a

+1 -1

1 changed file

expand all

render.go

+1 -1

email/render.go

··· 86 86 Title: item.Title, 87 87 Link: item.Link, 88 88 Content: item.Content, 89 - SanitizedContent: htmltemplate.HTML(sanitizeHTML(item.Content)), 89 + SanitizedContent: htmltemplate.HTML(sanitizeHTML(item.Content)), // #nosec G203 -- Content is sanitized by bluemonday before conversion 90 90 Published: item.Published, 91 91 } 92 92 }