Commit graph

318 commits

Author SHA1 Message Date
Gusted
254bded75e
fix: strict matching of allowed content for sanitizer
- _Simply_ add `^$` to regexp that didn't had it yet, this avoids any
content being allowed that simply had the allowed content as a
substring.
- Fix file-preview regex to have `$` instead of `*`.

(cherry picked from commit 7067cc7da4)

v9: added fix for ref-issue, this is already fixed in forgejo branch but
not backported as it was part of a feature.
2024-11-15 11:32:51 +01:00
Lunny Xiao
ba7da0af31 Use camo.Always instead of camo.Allways (#32097)
Fix #31575

https://gitea.com/gitea/docs/pulls/73
(cherry picked from commit 8e2dd5d3ddfb442937c79f05df88d18b856952cb)
(cherry picked from commit 2ffb08bb88)
2024-09-27 08:13:30 +00:00
Bram Hagens
4a74113dee
feat(ui): add more emoji and code block rendering in issues 2024-09-24 14:20:33 +02:00
Gusted
912fe49ab3
Construct screen 2024-09-06 20:24:51 +02:00
Solomon Victorino
8f53a69c2e fix: include last line in file previews with no trailing newline 2024-08-24 17:10:31 -06:00
Solomon Victorino
22f012a859 fix: improve PR/issue short link display text
- include subpaths
- don't append "(comment)" for unrelated hash/query strings
2024-08-22 15:49:05 -06:00
TheFox0x7
f7bb75ce56
revert: accidental change 2024-08-18 16:36:06 +02:00
TheFox0x7
8322882265
style: reenable switch check 2024-08-18 15:19:01 +02:00
Jason Song
83565de2c0
Fix IsObjectExist with gogit (#31790) (tests only)
Fix #31271.

When gogit is enabled, `IsObjectExist` calls
`repo.gogitRepo.ResolveRevision`, which is not correct. It's for
checking references not objects, it could work with commit hash since
it's both a valid reference and a commit object, but it doesn't work
with blob objects.

So it causes #31271 because it reports that all blob objects do not
exist.

(cherry picked from commit f4d3120f9d1de6a260a5e625b3ffa6b35a069e9b)

Conflicts:
  trivial resolution because go-git support was dropped https://codeberg.org/forgejo/forgejo/pulls/4941
2024-08-13 09:05:43 +02:00
Gusted
bb448f3dc2
disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
2024-08-09 07:04:01 +02:00
Gusted
05e163aaf3
[BUG] Render references to cross-repo issues with external issues
- If you have the external issue setting enabled, any reference would
have been rendered as an external issue, however this shouldn't be
happening to references that refer to issues in other repositories.
- Unit test added.
2024-08-07 03:19:26 +02:00
0ko
ca5a5bf120 feat: allow color and background-color style properties for table cells (#4766)
* Allow adding text color and background color to HTML table headers and cells in markdown.
* Added a few test cases.

Preview and example: https://codeberg.org/attachments/98634f30-4fa2-4a76-adb3-6086af73744f

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4766
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-31 18:48:46 +00:00
TheFox0x7
4de909747b Add testifylint to lint checks (#4535)
go-require lint is ignored for now

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00
Gusted
efd63ec1d8
[BUG] Don't panic on empty blockquote
- On a empty blockquote the callout feature would panic, as it expects
to always have at least one child.
- This panic cannot result in a DoS, because any panic that happens
while rendering any markdown input will be recovered gracefully.
- Adds a simple condition to avoid this panic.
2024-07-21 01:10:20 +02:00
Earl Warren
4f6c823ae7 Merge pull request '[gitea] week 2024-28 cherry pick (gitea/main -> forgejo)' (#4391) from earl-warren/wcp/2024-28 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4391
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-09 05:37:52 +00:00
charles
f92591b825
Fix markdown preview $$ support (#31514)
close #31481

currently `$$A + B$$ test` will ignore text after $$ block

test text

![圖片](https://github.com/go-gitea/gitea/assets/30816317/39b2974b-c0b6-48a0-87d0-5f4a13615eed)

before fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/15469e4c-474d-4128-b46f-d6cadaafbd68)

after fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/c1025eef-177f-4ade-988f-510e7039f3f9)

github display

![圖片](https://github.com/go-gitea/gitea/assets/30816317/97cd1e10-ac94-4899-86d8-8e359ef1d694)

(cherry picked from commit f0033051d5ce07f5a18d2aacef6bfdca5fc69014)
2024-07-07 07:29:49 +02:00
Gusted
cf8f26d616
[CHORE] Remove github.com/yuin/goldmark-meta
- Remove a unused dependency. This dependency was added to handle YAML
'frontmatter' meta, parsing them and converting them to a table or
details in the resulting HTML. As can be read in the issue that reported
the behavior of YAML frontmatter being rendered literally,
https://github.com/go-gitea/gitea/issues/5377.
- It's an unused dependency as the codebase since then moved on to do this YAML
parsing and rendering on their own, this was implemented in
812cfd0ad9.
- Adds unit tests that was related to this functionality, to proof the
codebase already handles this and to prevent regressions.
2024-07-07 03:18:13 +02:00
Gusted
3eb178db49
[CHORE] Update terminal-to-html dependency
- Update the `github.com/buildkite/terminal-to-html/v3` dependency from
version v3.10.1 to v3.13.0.
- Version v3.12.0 introduced an incompatible change, the return type of
`AsHTML` changed from `[]byte` to `string`. That same version also
introduced streaming mode
https://github.com/buildkite/terminal-to-html/pull/126, which allows us
to avoid reading the whole input into memory.
- Closes #4313
2024-07-04 23:41:17 +02:00
charles
b53be9d45c
Fix markdown math brackets render problem (#31420)
Close #31371, support `($ ... $)` like GitHub

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 90a3c20e7996e2db577a51d37f2190e2e990a22a)

Conflicts:
	modules/markup/markdown/markdown_test.go
	trivial context conflict
2024-06-23 12:40:06 +02:00
wxiaoguang
75bbca68ce
Refactor markup code (#31399)
1. use clearer names
2. remove deadcode
3. avoid name shadowing
4. eliminate some lint warnings

(cherry picked from commit 5a7376c0605415e63cb5b3b8f89ead01e567229b)

Conflicts:
	modules/markup/html.go
	simple code divergence, trivial logic
2024-06-23 11:53:36 +02:00
Oleksandr Redko
b640ac4660
Refactor to use UnsafeStringToBytes (#31358)
The PR replaces all `goldmark/util.BytesToReadOnlyString` with
`util.UnsafeBytesToString`, `goldmark/util.StringToReadOnlyBytes` with
`util.UnsafeStringToBytes`. This removes one `TODO`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 1761459ebc7eb6d432eced093b4583425a5c5d4b)
2024-06-16 13:42:58 +02:00
Lunny Xiao
62ed5f2db5
Fix hash render end with colon (#31319)
Fix a hash render problem like `<hash>: xxxxx` which is usually used in
release notes.

(cherry picked from commit 7115dce773e3021b3538ae360c4e7344d5bbf45b)
2024-06-16 13:42:58 +02:00
silverwind
d8bc0495de
Enable unparam linter (#31277)
Enable [unparam](https://github.com/mvdan/unparam) linter.

Often I could not tell the intention why param is unused, so I put
`//nolint` for those cases like webhook request creation functions never
using `ctx`.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit fc2d75f86d77b022ece848acf2581c14ef21d43b)

Conflicts:
	modules/setting/config_env.go
	modules/storage/azureblob.go
	services/webhook/dingtalk.go
	services/webhook/discord.go
	services/webhook/feishu.go
	services/webhook/matrix.go
	services/webhook/msteams.go
	services/webhook/packagist.go
	services/webhook/slack.go
	services/webhook/telegram.go
	services/webhook/wechatwork.go

	run make lint-go and fix Forgejo specific warnings
2024-06-16 13:42:58 +02:00
Henrique Pimentel
433b6c6910
Add MAX_ROWS option for CSV rendering (#30268)
This solution implements a new config variable MAX_ROWS, which
corresponds to the “Maximum allowed rows to render CSV files. (0 for no
limit)” and rewrites the Render function for CSV files in markup module.
Now the render function only reads the file once, having MAX_FILE_SIZE+1
as a reader limit and MAX_ROWS as a row limit. When the file is larger
than MAX_FILE_SIZE or has more rows than MAX_ROWS, it only renders until
the limit, and displays a user-friendly warning informing that the
rendered data is not complete, in the user's language.

---

Previously, when a CSV file was larger than the limit, the render
function lost its function to render the code. There were also multiple
reads to the file, in order to determine its size and render or
pre-render.

The warning: ![image](https://s3.amazonaws.com/i.snag.gy/vcKh90.jpg)

(cherry picked from commit f7125ab61aaa02fd4c7ab0062a2dc9a57726e2ec)
2024-06-09 16:04:57 +02:00
Yaroslav Halchenko
2b2fd2728c Add codespell support and fix a good number of typos with its help (#3270)
More about codespell: https://github.com/codespell-project/codespell .

I personally introduced it to dozens if not hundreds of projects already and so far only positive feedback.

```
❯ grep lint-spell Makefile
	@echo " - lint-spell                       lint spelling"
	@echo " - lint-spell-fix                   lint spelling and fix issues"
lint: lint-frontend lint-backend lint-spell
lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix
.PHONY: lint-spell
lint-spell: lint-codespell
.PHONY: lint-spell-fix
lint-spell-fix: lint-codespell-fix
❯ git grep lint- -- .forgejo/
.forgejo/workflows/testing.yml:      - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
.forgejo/workflows/testing.yml:      - run: make lint-frontend
```
so how would you like me to invoke `lint-codespell` on CI? (without that would be IMHO very suboptimal and let typos sneak in)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-05-09 13:49:37 +00:00
Chongyi Zheng
c504461b66
Resolve lint for unused parameter and unnecessary type arguments (#30750)
Resolve all cases for `unused parameter` and `unnecessary type
arguments`

Related: #30729

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit e80466f7349164ce4cf3c07bdac30d736d20f035)

Conflicts:
	modules/markup/markdown/transform_codespan.go
	modules/setting/incoming_email.go
	routers/api/v1/admin/user_badge.go
	routers/private/hook_pre_receive.go
	tests/integration/repo_search_test.go
	resolved by discarding the change, this is linting only and
	for the sake of avoiding future conflicts
2024-05-05 08:38:16 +01:00
Gergely Nagy
8164ef9762
markup: Allow cross references to contain URL query parameters too
Adjust the `anyHashPattern` to match URL query parameters too, and
adjust `fullHashPatternProcessor` accordingly.

Includes a test case, and an update to an existing one to account for
the new capture group.

Fixes #3548.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 21:14:16 +02:00
Gergely Nagy
9a01062ae2
Fix user mention processing
When mentioning a user, the markup post-processor did not handle the
case where the mentioned user did not exist well: it tried to skip to
the next node, which in turn, ended up skipping the rest of the line.

To fix this, lets skip just the mentioned, but non-existing user, and
continue processing the current node from there.

Fixes #3535.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-30 12:51:30 +02:00
silverwind
12b199c5e5
Enable more revive linter rules (#30608)
Noteable additions:

- `redefines-builtin-id` forbid variable names that shadow go builtins
- `empty-lines` remove unnecessary empty lines that `gofumpt` does not
remove for some reason
- `superfluous-else` eliminate more superfluous `else` branches

Rules are also sorted alphabetically and I cleaned up various parts of
`.golangci.yml`.

(cherry picked from commit 74f0c84fa4245a20ce6fb87dac1faf2aeeded2a2)

Conflicts:
	.golangci.yml
	apply the linter recommendations to Forgejo code as well
2024-04-28 15:39:00 +02:00
0ko
469c214ec8 s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
Mai-Lapyst
acfae43253
Fix panic where now a third link breaks everything 2024-04-19 23:54:46 +02:00
Mai-Lapyst
e9eacdecd2
Fix issue where rendering stops after the first invalid parmalink 2024-04-19 18:21:21 +02:00
Mai-Lapyst
5b6b3f3fb3
Fix some edge cases; closes #3232
- Fixes wrong usage of AppURL
- Fixes wrong rendering with extra path segments when AppSubURL is empty
- Now also renders all links when 2+ permalinks are present
2024-04-17 13:02:48 +02:00
wxiaoguang
f692069616
Refactor markdown render (#30139)
Only split the file into small ones (and rename AttentionTypes to
attentionTypes)

(cherry picked from commit 71706126b56616750a65290460fd211b9b8449da)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

Conflicts:
	- modules/markup/markdown/goldmark.go
	- modules/markup/markdown/transform_blockquote.go
	Conflicts were resolved by favouring the Forgejo implementation:
	I copied the Forgejo code to the same place Gitea copied them
	to, and adjusted the imports accordingly.

	Apart from conflict resolution, this also moves
	`applyElementDir` from a local func in `goldmark.Transform` to a
	method on `*ASTTransformer`, to make it callable from the
	extracted functions.
2024-04-16 10:42:49 +02:00
Mai-Lapyst
1d1c0131bb Fix inline permalinks across repo; closes #2965 (#3042)
This PR fixes the possible ambiguity of rendered inline permalinks across repos by adding it as a suffix to the title element if the permalink refers to a file not inside the current repository. Closes #2965

![grafik](/attachments/e70e37b8-24c7-4f7b-ab52-92f1e8dfb009)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3042
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-04-12 22:30:20 +00:00
João Tiago
2adc3a45fb
Fixes #27605: inline math blocks can't be preceeded/followed by alphanumerical characters (#30175)
- Inline math blocks couldn't be preceeded or succeeded by
alphanumerical characters due to changes introduced in PR #21171.
Removed the condition that caused this (precedingCharacter condition)
and added a new exit condition of the for-loop that checks if a specific
'$' was escaped using '\' so that the math expression can be rendered as
intended.
- Additionally this PR fixes another bug where math blocks of the type
'$xyz$abc$' where the dollar sign was not escaped by the user, generated
an error (shown in the screenshots below)
- Altered the tests to accomodate for the changes

Former behaviour (from try.gitea.io):

![image](https://github.com/go-gitea/gitea/assets/114936010/8f0cbb21-321d-451c-b871-c67a8e1e9235)

Fixed behaviour (from my local build):

![image](https://github.com/go-gitea/gitea/assets/114936010/5c22687c-6f11-4407-b5e7-c14b838bc20d)

(Edit) Source code for the README.md file:
```
$x$ -$x$ $x$-

a$xa$ $xa$a 1$xb$ $xb$1

$a a$b b$

a$b $a a$b b$

$a a\$b b$
```

---------

Signed-off-by: João Tiago <joao.leal.tintas@tecnico.ulisboa.pt>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit e006451ab1509f8d6d43c5974387c05b26517392)
2024-04-07 15:40:31 +02:00
Gusted
b0cd0ebb91
[BUG] Fix crash in issue forms
- Fix a crash in the issue forms, because `ctx.Ctx` was trying to be
accessed, however this is not set in all contexts thus could result to NPE.
- Adds integration test.
- Resolves #3011
2024-04-04 15:54:06 +02:00
Gusted
6ffae461d4
[BUG] Center icon and callout text
- Wrap the icon and callout into a seperate `<p>` which has `display:
flex; align-items: center` set. To center the icon with the callout text.
- Resolves #3006
2024-04-03 22:26:19 +02:00
Earl Warren
2e744dc991 Merge pull request 'Render inline file permalinks' (#2669) from Mai-Lapyst/forgejo:markup-add-filepreview into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2669
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-01 13:57:01 +00:00
Gusted
80f22ab0d8
[BUG] Don't color dot literal color names
- Colordots are generated for colors in inline code, such as `red`,
`rgb(255, 0, 124)`, `#ffaabb` and `hsl(124, 52%, 50%)`. However this
shouldn't be doon for literal color names as these can be too common
assiocated with non-color related stuff _and matches the behavior of
some other forge_.
- Move the regexes from bluemonday to Forgejo and do the checking
ourselves.
- Adds unit tests.
- Resolves https://codeberg.org/Codeberg/Community/issues/1510
2024-03-30 14:30:41 +01:00
Mai-Lapyst
6e98bacbbd
Format code 2024-03-28 05:42:25 +01:00
Mai-Lapyst
16a8658878
Update test 2024-03-28 04:20:13 +01:00
Mai-Lapyst
7e0014dd13
Fix formating & remove commented out code 2024-03-27 18:43:55 +01:00
wxiaoguang
d4ea1c2559
Fix some pending problems (#29985)
These changes are quite independent and trivial, so I don't want to open
too many PRs.

* https://github.com/go-gitea/gitea/pull/29882#discussion_r1529607091
    * the `f.Close` should be called properly
* the error message could be more meaningful
(https://github.com/go-gitea/gitea/pull/29882#pullrequestreview-1942557935)
*
https://github.com/go-gitea/gitea/pull/29859#pullrequestreview-1942324716
    * the new translation strings don't take arguments
* https://github.com/go-gitea/gitea/pull/28710#discussion_r1443778807
    * stale for long time
*  #28140
    * a form was forgotten to be changed to work with backend code

(cherry picked from commit 226231ea27d4f2b0f09fa4efb39501507613b284)

Conflicts:
	templates/repo/issue/view_content/pull.tmpl
	discarded because unexplained
	templates/status/404.tmpl
	implemented differently in Forgejo
2024-03-26 19:04:26 +01:00
coldWater
664052fb0b
Fix missing error check of bufio.Scanner (#29882)
maybe more

(cherry picked from commit 0e183d81fc5283f9d2047472de580e4f04a046c1)
2024-03-26 19:04:25 +01:00
Mai-Lapyst
2b6546adc9
Add setting to restrict count of lines being displayed & only highlight those lines 2024-03-25 16:05:01 +01:00
Mai-Lapyst
069d87b80f
Remove unneeded case for a trailing dot 2024-03-25 14:33:54 +01:00
Earl Warren
af0bb6e68a Merge pull request '[port] gitea#29833: Refactor markdown attention render' (#2747) from algernon/forgejo:gitea/port/29833/refactor into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2747
2024-03-23 19:44:45 +00:00
Gergely Nagy
d571a2c202
Remove some more dead code from the markup sanitizer
This removes some more dead code from the markup sanitizer:

- Allowing unlabelled labels is no longer neccessary as of
  41e8b834af.
- Allowing `style` attributes on `span` and `p` are no longer necessary,
  `bluemonday` allows them by default now.

Selectively cherry picked from commit 66902d89e567ab1ae6dfb828636999c61ff0149e.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-23 17:16:22 +01:00
Earl Warren
b5775f6d6e Merge pull request 'modules/markup/markdown/ast: Drop IsColorPreview' (#2746) from algernon/forgejo:gitea/cherry-pick/29833/dead-code-removal into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2746
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-23 15:25:08 +00:00