<div align="center"> <h3>Premium sponsors</h3> <p> <a href="https://id8media.com"><strong>ID8 Media</strong></a> · <a href="https://one-studio.co"><strong>One Studio</strong></a> </p> <p><sub>Support togo — <a href="https://github.com/sponsors/fadymondy">become a sponsor</a>.</sub></p> </div>
richtext
Other
togo rich text — sanitize, store & render rich/Markdown content (XSS-safe)
togo-framework
Install
bash
togo install togo-framework/richtext
The togo answer to Rails Action Text / Trix. Accept user rich text, sanitize it to a safe allowlist (no <script>, event handlers, or javascript: URLs), render Markdown → safe HTML, and derive plain-text excerpts for search/previews.
Usage
go
// From untrusted HTML (e.g. a WYSIWYG editor):
rt := richtext.New(userHTML) // rt.HTML is sanitized + safe to render
// From Markdown:
rt = richtext.FromMarkdown("# Hi\n\n**bold** <script>alert(1)</script>")
rt.HTML // "<h1>Hi</h1>\n<p><strong>bold</strong> </p>" (script removed)
rt.PlainText() // "Hi bold" — tags stripped, entities decoded
rt.Excerpt(120) // preview text, ellipsised on a word boundary
richtext.Sanitize(htmlStr) // one-off clean
richtext.RenderMarkdown(md) // md → sanitized html
RichText marshals as {"raw": "...", "html": "..."} and re-sanitizes on unmarshal — a stored html field is never trusted.
REST
POST /api/richtext/render with {"markdown":"..."} or {"html":"..."} → {"html": "<safe>", "text": "..."}.
Security
HTML is sanitized with bluemonday's UGC policy; Markdown is rendered with goldmark and then sanitized. Always store and re-render the sanitized HTML; never render raw user input.
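The "re-sanitizes on unmarshal" behaviour described under Usage, shown as an added example (not togo's own code): a stored record whose html field was altered is decoded, and the rendered HTML is recomputed from raw instead of being read back. Doc, NewDoc and LoadStored are hypothetical names, recomputing from raw is an assumption about one way to do this, and html.EscapeString stands in for bluemonday's UGC policy so the block runs with the standard library only.

```go
package main

import (
	"encoding/json"
	"fmt"
	"html"
)

// sanitize is a stand-in so this runs with the standard library only: it
// escapes all markup. In a real service, swap in an allowlist sanitizer such
// as bluemonday.UGCPolicy().Sanitize.
var sanitize = html.EscapeString

// Doc is a hypothetical type with the {"raw","html"} shape described above.
type Doc struct {
	Raw  string `json:"raw"`
	HTML string `json:"html"` // derived from Raw; never taken from storage
}

// NewDoc sanitizes untrusted input once, at construction.
func NewDoc(raw string) Doc { return Doc{Raw: raw, HTML: sanitize(raw)} }

// UnmarshalJSON recomputes HTML from Raw on every decode, so a row edited
// directly in the database cannot carry markup past the sanitizer.
func (d *Doc) UnmarshalJSON(b []byte) error {
	type plain Doc // defined type without methods, so this does not recurse
	var p plain
	if err := json.Unmarshal(b, &p); err != nil {
		return err
	}
	*d = NewDoc(p.Raw) // p.HTML is deliberately ignored
	return nil
}

// LoadStored decodes one stored record and returns the HTML to render.
func LoadStored(record string) (string, error) {
	var d Doc
	if err := json.Unmarshal([]byte(record), &d); err != nil {
		return "", err
	}
	return d.HTML, nil
}

func main() {
	// Constructed record: "html" was altered after it was stored.
	tampered := `{"raw":"hello <b>world</b>","html":"<script>alert(1)</script>"}`
	out, err := LoadStored(tampered)
	fmt.Println(out, err)
}
```

A record that carries only an html field decodes to an empty HTML value, because nothing in storage is treated as already sanitized.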