forgejo/modules/markup
Earl Warren 1075ff74b5
Use restricted sanitizer for repository description (#28141)
- Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
- Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
- Added unit testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1202
- Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit 631c87cc23)

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-23 16:34:25 +00:00
..
asciicast
common Make user-content-* consistent with github (#26388) 2023-08-09 09:30:31 +00:00
console Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
csv Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
external
markdown Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
mdstripper
orgmode Remove title from elements on Org mode (#27968) 2023-11-10 01:45:13 +00:00
camo.go
camo_test.go
html.go Render email addresses as such if followed by punctuation (#27987) 2023-11-11 05:08:19 +01:00
html_internal_test.go Do not highlight #number in documents (#26365) 2023-08-07 15:11:25 +02:00
html_test.go Render email addresses as such if followed by punctuation (#27987) 2023-11-11 05:08:19 +01:00
renderer.go Add RTL rendering support to Markdown (#24816) 2023-05-20 23:02:52 +02:00
renderer_test.go
sanitizer.go Use restricted sanitizer for repository description (#28141) 2023-11-23 16:34:25 +00:00
sanitizer_test.go Use restricted sanitizer for repository description (#28141) 2023-11-23 16:34:25 +00:00