add multiple policy checks

decode.go

@@ -86,14 +86,13 @@ import (
 //
 // The JSON null value unmarshals into an interface, map, pointer, or slice
 // by setting that Go value to nil. Because null is often used in JSON to mean
-// ``not present,'' unmarshaling a JSON null into any other Go type has no effect
+// “not present,” unmarshaling a JSON null into any other Go type has no effect
 // on the value and produces no error.
 //
 // When unmarshaling quoted strings, invalid UTF-8 or
 // invalid UTF-16 surrogate pairs are not treated as an error.
 // Instead, they are replaced by the Unicode replacement
 // character U+FFFD.
-//
 func Unmarshal(data []byte, v interface{}) error {
 	// Check for well-formedness.
 	// Avoids filling out half a data structure
@@ -1210,6 +1209,10 @@ func (d *decodeState) literalInterface() interface{} {
 		if !ok {
 			panic(phasePanicMsg)
 		}
+
+		if d.useBlueMonday {
+			s = d.blueMonday.Sanitize(s)
+		}
 		return s
 
 	default: // number

stream.go

@@ -77,6 +77,14 @@ func (dec *Decoder) UseBlueMonday() *Decoder {
 	return dec
 }
 
+// UseBlueMonday causes the Decoder to unmarshal a string literal and escape
+// any XSS using the blue monday package
+func (dec *Decoder) WithPolicy(policy *bluemonday.Policy) *Decoder {
+	dec.d.useBlueMonday = true
+	dec.d.blueMonday = policy
+	return dec
+}
+
 // UseIgnoreEmpty causes the Decoder to ignore empty objects in json.
 func (dec *Decoder) IgnoreEmptyObject() { dec.d.ignoreEmpty = true }
 
@@ -331,7 +339,6 @@ var _ Unmarshaler = (*RawMessage)(nil)
 //	Number, for JSON numbers
 //	string, for JSON string literals
 //	nil, for JSON null
-//
 type Token interface{}
 
 const (