forgejo/modules/markup
Earl Warren 1075ff74b5
Use restricted sanitizer for repository description (#28141)
- Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
- Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
- Added unit testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1202
- Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit 631c87cc23)

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-23 16:34:25 +00:00
..
asciicast
common
console
csv
external
markdown
mdstripper
orgmode
camo.go
camo_test.go
html.go Render email addresses as such if followed by punctuation (#27987) 2023-11-11 05:08:19 +01:00
html_internal_test.go
html_test.go Render email addresses as such if followed by punctuation (#27987) 2023-11-11 05:08:19 +01:00
renderer.go
renderer_test.go
sanitizer.go Use restricted sanitizer for repository description (#28141) 2023-11-23 16:34:25 +00:00
sanitizer_test.go Use restricted sanitizer for repository description (#28141) 2023-11-23 16:34:25 +00:00