microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Home Page: https://github.com/microcosm-cc/bluemonday

Allowing img and whitelisting src urls

prologic opened this issue · comments

Say I want to allow img elements, but filter the src(s) so only some domains/patterns of image sources are allowed? How would I go about this?

commented

The readme has a section on links that shows you how to approach this: https://github.com/microcosm-cc/bluemonday#links

p.AllowAttrs("href").Matching(regexp.MustCompile(`(?i)mailto|https?`)).OnElements("a")

But bear in mind that you will have to create your own policy rather than use the built-in policies, as those would permit all safe IMG src values already. Additionally, read the warning on the readme: by applying your own regex there is a risk that you are not handling URI encoding that could be exploited... if your knowledge of valid URIs is comprehensive you should be able to safely craft a regexp to match those.
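The warning in the comment above is easiest to appreciate with a small test harness. The following Go program is an added example written for this page; it is not bluemonday's own code and not something the maintainer posted. It compares three ways of deciding whether an `img` `src` value is acceptable: an unanchored regexp in the shape of the README's `(?i)mailto|https?` pattern, an anchored regexp (the kind you would hand to `.Matching(...)`), and a parse-then-check function that uses `net/url` to inspect scheme, userinfo and host. The allowlisted host names (`images.example.com`, `cdn.example.org`), the other host, and the function names are all constructed for the example; the parse-based checker has the `func(*url.URL) bool` shape that bluemonday's `AllowURLSchemeWithCustomPolicy` hook accepts, so it could be wired into a custom policy instead of a regexp (confirm the signature against the bluemonday version you use).

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Hosts we are willing to load images from. Constructed for this example.
var allowedImageHosts = map[string]bool{
	"images.example.com": true,
	"cdn.example.org":    true,
}

// unanchoredSrcRegexp has the same shape as the README's link pattern:
// it only asks whether the text appears somewhere in the attribute value.
var unanchoredSrcRegexp = regexp.MustCompile(`(?i)https://(images\.example\.com|cdn\.example\.org)`)

// anchoredSrcRegexp pins the match to the start of the value and requires the
// path to begin right after the host, which is what you would give .Matching().
var anchoredSrcRegexp = regexp.MustCompile(`^(?i)https://(images\.example\.com|cdn\.example\.org)/`)

// RegexpAllows is the unanchored, regexp-only check.
func RegexpAllows(src string) bool {
	return unanchoredSrcRegexp.MatchString(src)
}

// AnchoredRegexpAllows is the anchored regexp-only check.
func AnchoredRegexpAllows(src string) bool {
	return anchoredSrcRegexp.MatchString(src)
}

// ParsedAllows parses the value as a URL and accepts it only when the scheme
// is https, there is no userinfo component, and the (case-folded, port-stripped)
// host is on the allowlist. This is the checker you could pass to
// bluemonday's AllowURLSchemeWithCustomPolicy hook (hypothetical wiring).
func ParsedAllows(src string) bool {
	u, err := url.Parse(src)
	if err != nil {
		return false
	}
	if !strings.EqualFold(u.Scheme, "https") {
		return false
	}
	if u.User != nil {
		// "https://images.example.com@other.host/" parses with userinfo set;
		// refuse rather than reason about it.
		return false
	}
	return allowedImageHosts[strings.ToLower(u.Hostname())]
}

func main() {
	// Constructed sample src values: a normal one, one that merely mentions the
	// allowed host in its query string, one with the wrong scheme, one with
	// mixed case and an explicit port, and a relative path.
	samples := []string{
		"https://images.example.com/cat.png",
		"https://other.example.net/?ref=https://images.example.com",
		"http://images.example.com/cat.png",
		"https://IMAGES.example.com:443/cat.png",
		"/relative/cat.png",
	}
	fmt.Printf("%-60s %-10s %-10s %-8s\n", "src", "unanchored", "anchored", "parsed")
	for _, s := range samples {
		fmt.Printf("%-60s %-10v %-10v %-8v\n", s, RegexpAllows(s), AnchoredRegexpAllows(s), ParsedAllows(s))
	}
}
```

Running it shows the unanchored pattern accepting a value whose host is not on the allowlist just because the allowed host name appears in the query string, the anchored pattern rejecting that but also rejecting a legitimate value with an explicit `:443` port, and the parsed check getting both right while refusing anything that is not an absolute `https` URL. Whichever approach you choose for a custom policy, build a table like this one from the URL shapes your users actually produce and keep it as a regression test.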

Thank you! I somehow missed that on the README (sorry!) 🙇‍♂️