From b36711c1eaa26bf3d6350d061a4907a3fe8da517 Mon Sep 17 00:00:00 2001
From: Andrea Spacca
Date: Tue, 2 Mar 2021 16:50:53 +0100
Subject: [PATCH] sanitize only on inline content-disposition
---
 server/handlers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/handlers.go b/server/handlers.go
index f513997..96213e1 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -1010,7 +1010,7 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {
 w.Header().Set("X-Remaining-Days", remainingDays)
- if strings.Contains(contentType, "html") {
+ if disposition == "inline" && strings.Contains(contentType, "html") {
 reader = ioutil.NopCloser(
 bytes.NewReader(
 bluemonday.UGCPolicy().
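Review bot: The new guard `disposition == "inline"` fails open: any value of `disposition` other than that exact string now skips the bluemonday sanitization of HTML content. Where `disposition` is assigned is outside the hunk, so if it can ever carry a different casing or extra parameters, uploaded HTML would be served unsanitized. Writing the condition as `if disposition != "attachment" && strings.Contains(contentType, "html") {` keeps the intent of the commit and sanitizes by default. On the attachment path, which now returns the raw upload, it is worth confirming that the response sets `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` before the body is written. That cannot be seen from here, as getHandler's body starts and ends outside the hunk.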