From 9cfd4c600ea11fec05794737cc7b41c39c9ef685 Mon Sep 17 00:00:00 2001 From: Gusted Date: Thu, 14 Jul 2022 02:59:04 +0200 Subject: [PATCH 1/2] Allow to specify colors for text in markup - Allow users to set colors for their text elements in rendered markup. So `Hello World!` will now be accepted by Bluemonday, other properties are still disallowed by Bluemonday. --- modules/markup/sanitizer.go | 6 ++++++ modules/markup/sanitizer_test.go | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go index 388af567123d..57e88fdabc81 100644 --- a/modules/markup/sanitizer.go +++ b/modules/markup/sanitizer.go @@ -85,6 +85,12 @@ func createDefaultPolicy() *bluemonday.Policy { // Allow icons, emojis, chroma syntax and keyword markup on span policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span") + // Allow 'style' attribute on text elements. + policy.AllowAttrs("style").OnElements("span", "p") + + // Allow 'color' property for the style attribute on text elements. + policy.AllowStyles("color").OnElements("span", "p") + // Allow generally safe attributes generalSafeAttrs := []string{ "abbr", "accept", "accept-charset", diff --git a/modules/markup/sanitizer_test.go b/modules/markup/sanitizer_test.go index 7dfca7a468db..d13b035ad102 100644 --- a/modules/markup/sanitizer_test.go +++ b/modules/markup/sanitizer_test.go @@ -45,6 +45,11 @@ func Test_Sanitizer(t *testing.T) { `unchecked`, `unchecked`, `NAUGHTY`, `NAUGHTY`, `contents`, `contents`, + + // Color property + `Hello World`, `Hello World`, + `
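Review bot: The added `policy.AllowStyles("color").OnElements("span", "p")` line has no value matcher, so which color values survive sanitization depends on bluemonday's own handling of that property and not on anything stated in this policy (I believe the library falls back to a built-in per-property handler, but that is not visible in this hunk). This is the only place where a user-controlled `style` attribute is let through, so I would pin the accepted values explicitly, for example `policy.AllowStyles("color").Matching(regexp.MustCompile("(?i)^(#[0-9a-f]{3,8}|[a-z]+)$")).OnElements("span", "p")`. The comment above `policy.AllowAttrs("style")` should also say that every property other than `color` is expected to be stripped, e.g. `// 'style' is allowed on span/p only so that AllowStyles below can filter it down to 'color'; all other properties must be dropped.` A free choice of text color also lets rendered markup contain text that is invisible against the page background or that imitates warning styling, and that content-spoofing risk is worth recording as an accepted trade-off. The body of createDefaultPolicy starts and ends outside the hunk.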

Hello World

`, `

Hello World

`, + `Hello World`, `Hello World`, } for i := 0; i < len(testCases); i += 2 { From a72576f2a23f28f893736748075cdf864f2496f4 Mon Sep 17 00:00:00 2001 From: Gusted Date: Thu, 14 Jul 2022 17:44:19 +0200 Subject: [PATCH 2/2] Add more test cases --- modules/markup/sanitizer_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/markup/sanitizer_test.go b/modules/markup/sanitizer_test.go index d13b035ad102..b3b07404b451 100644 --- a/modules/markup/sanitizer_test.go +++ b/modules/markup/sanitizer_test.go @@ -50,6 +50,9 @@ func Test_Sanitizer(t *testing.T) { `Hello World`, `Hello World`, `

Hello World

`, `

Hello World

`, `Hello World`, `Hello World`, + `Hello World`, `Hello World`, + `

Hello World

`, `

Hello World

`, + `Hello World`, `Hello World`, } for i := 0; i < len(testCases); i += 2 {