bluemonday VS gofeed

Compare bluemonday vs gofeed and see what their differences are.

bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS (by microcosm-cc)
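bluemonday vs gofeed
  • Mentions: bluemonday 6; gofeed 4
  • Stars: bluemonday 2,950; gofeed 2,421
  • Growth: bluemonday 1.8%; gofeed -
  • Activity: bluemonday 5.6; gofeed 6.1
  • Latest commit: bluemonday 13 days ago; gofeed 28 days ago
  • Language: bluemonday Go; gofeed Go
  • License: bluemonday GNU General Public License v3.0 or later; gofeed MIT License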
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

bluemonday

Posts with mentions or reviews of bluemonday. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-10.
  • Sponsor the open source projects you depend on
    6 projects | news.ycombinator.com | 10 Apr 2023
    I'm on the receiving end of donations from sourcegraph for this. It's around $10 per month from that single donation and is for the only Go HTML sanitizer, which you use when you have user generated / untrusted input that you need to display as HTML. https://github.com/microcosm-cc/bluemonday

    For me the library has been good enough for my own use for a very very long time. I mostly neglect it unless there's some critical issue. I don't improve it at all as my time is better spent on my day job.

    I've often thought that there's room for improvement such as a DOM style sanitizer to validate input rather than just a SAX style sanitizer, perhaps formatting of output in addition to sanitising input, transformation rules, etc.

    When I got the donation I was surprised, first ever bit of support for open source software I'd written (as this was not written on company dime).

    Even at $10 per month it's motivating enough to think someone values it. If it accrues into something significant I may actually feel motivated to improve it.

    Interesting is that I'd regard this as successful by usage, it's used by virtually everything in the Go world that makes a website.

    Perhaps people don't know it exists though? And for that awareness thanks to thanks.dev

  • Does anyone know of an HTML parser that would allow me to manipulate the HTML? Namely I'm interested in stripping all attributes from strings.
    2 projects | /r/golang | 16 Dec 2022
    For sanitizing html input at work we use https://github.com/microcosm-cc/bluemonday.
  • HTML Sanitizer API
    5 projects | news.ycombinator.com | 6 May 2021
    My thoughts as a maintainer of a HTML sanitizer https://github.com/microcosm-cc/bluemonday

    1. Sanitizing is not difficult, defining the policy/config is difficult as your need is not someone else's. First glance of this proposal is that this needs a lot more work to cover people's needs. It's good enough, but will have a lot of edges and will need to evolve.

    2. If you allow a blocklist then people will use that by default as it's easier to say "I don't want " than it is to say "I only accept

    3. Even if you sanitize something you should keep the raw input... you should store the raw input alongside the sanitized (in fact the sanitized is merely a cached version of the raw input having been sanitized). The reason for this is you will have issues you need to debug (and can't without the input) and you will have round-trip edits you should support (but it's not round-trippable when everything you return is different from the input, do not punish a user who pasted HTML thinking it was safe by then not allowing them to edit it out because you threw everything away). Additionally if you want to ever report on the input, i.e. topK values, and you've modified the input and not kept raw, then you can never do this.

    4. Provide a sane default. Most engineers simply do not know what is safe or not. I ship a policy in bluemonday for user generated content... it is safe by default and good enough for most people, and it can be taken and extended due to the way the API is structured so can cover other scenarios as a foundation policy.

    I think the proposal in general: specify a standard for a sanitization API has merit. But mostly it has merit if it specifies a standard for defining sanitization policies/configuration, allowing them to be portable across different languages and systems.

    The one I wrote is very heavily inspired by https://github.com/owasp/java-html-sanitizer which is the OWASP project one maintained by Mike Samuel. When I did my research before writing the Go one, this was far and away the best way to construct the policy/config and I already saw that this perspective was more valuable than whether it's a token based parser (GIGO but low memory) or a DOM builder (more memory)... no-one cares about the internals, they care about expressing what safe means to them.

gofeed

Posts with mentions or reviews of gofeed. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-12.
  • IndieWebifying my Website Part 1 - Microformats and Webmentions
    3 projects | dev.to | 12 Nov 2022
    Luckily I did not have to implement any of this myself apart from some glue code to fit it together: I used the library gocron for scheduling the regular intervals, gofeed for parsing the RSS feed and webmention for extracting links and sending webmentions.
  • Show HN: The Brutalist Report – A rolling snapshot of the day’s headlines
    5 projects | news.ycombinator.com | 22 Feb 2022
    The whole thing is written in Go on my end. Ingesting new headlines is handled in a goroutine that spawns within the process every 30 mins using a combo of the wonderful gofeed (https://github.com/mmcdole/gofeed) and colly (https://github.com/gocolly/colly) libraries.

    When loading the front page, you're loading a 1-minute-cached HTML page of it that was constructed out of headlines already in my PostgreSQL database that were put there by the ingestion goroutine.

    I like the idea of word clouds actually, I think you're on to something there. I think you just need to pre-generate them rather than doing it ad hoc (if that's what you're doing here) for speed. Additionally, perhaps consider using sentiment in a way that orients stories based on positive and negative sentiment. Right now I am not seeing how I as a visitor/user can act on the sentiment analysis as it is presented now.

    It would be neat to see a collection of uplifting stories grouped together through the sentiment analysis.

    Anyway, food for thought. I hope you keep hacking away on it as it's just good fun to build things.

  • Automate the README for Your GitHub Profile with Go and GitHub Actions
    3 projects | dev.to | 25 Apr 2021
  • Automate Your GitHub Profile README with Go and GitHub Actions
    2 projects | dev.to | 22 Apr 2021
    I needed to scan the blog feed and wanted to do it in Go, so the first thing I did was look for any libraries that would make it easier for me not to reinvent the wheel and I found the github.com/mmcdole/gofeed. It had a lot of features but I had enough with the basic use described in its README.

What are some alternatives?

When comparing bluemonday and gofeed you can also consider the following projects:

gographviz - Parses the Graphviz DOT language in golang

micro-editor - A modern and intuitive terminal-based text editor

mxj - Decode / encode XML to/from map[string]interface{} (or JSON); extract values with dot-notation paths and wildcards. Replaces x2j and j2x packages.

inject

go-nmea - A NMEA parser library in pure Go

ODF - Open Document Format (ODF) generator library for Go.

go-pkg-xmlx

go-pkg-rss

GoQuery - A little like that j-thing, only in Go.

jsonpath - JSONPath with dot notation generator for golang

xml - Package feed implements a flexible, robust and efficient RSS and Atom parser

sh - A shell parser, formatter, and interpreter with bash support; includes shfmt