mirror of
https://github.com/go-gitea/gitea
synced 2024-12-22 13:04:07 +01:00
Not working, but slightly better...
This commit is contained in:
parent
d943429672
commit
1ab8a60d73
4 changed files with 16 additions and 11 deletions
|
@ -340,7 +340,7 @@ OUTER_LOOP:
|
||||||
func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
|
func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
|
||||||
result := RenderRawMarkdown(rawBytes, urlPrefix)
|
result := RenderRawMarkdown(rawBytes, urlPrefix)
|
||||||
result = PostProcessMarkdown(result, urlPrefix, metas)
|
result = PostProcessMarkdown(result, urlPrefix, metas)
|
||||||
result = BuildSanitizer().SanitizeBytes(result)
|
result = Sanitizer.SanitizeBytes(result)
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -31,18 +31,20 @@ import (
|
||||||
"github.com/gogits/gogs/modules/setting"
|
"github.com/gogits/gogs/modules/setting"
|
||||||
)
|
)
|
||||||
|
|
||||||
func BuildSanitizer() (p *bluemonday.Policy) {
|
var Sanitizer = bluemonday.UGCPolicy()
|
||||||
p = bluemonday.UGCPolicy()
|
|
||||||
p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
|
|
||||||
|
|
||||||
p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
|
func BuildSanitizer() {
|
||||||
p.AllowAttrs("checked", "disabled").OnElements("input")
|
// Normal markdown-stuff
|
||||||
p.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
|
Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
|
||||||
return p
|
|
||||||
|
// Checkboxes
|
||||||
|
Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
|
||||||
|
Sanitizer.AllowAttrs("checked", "disabled").OnElements("input")
|
||||||
|
|
||||||
|
// Custom URL-Schemes
|
||||||
|
Sanitizer.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
|
||||||
}
|
}
|
||||||
|
|
||||||
var Sanitizer = BuildSanitizer()
|
|
||||||
|
|
||||||
// EncodeMD5 encodes string to md5 hex value.
|
// EncodeMD5 encodes string to md5 hex value.
|
||||||
func EncodeMD5(str string) string {
|
func EncodeMD5(str string) string {
|
||||||
m := md5.New()
|
m := md5.New()
|
||||||
|
|
|
@ -105,7 +105,7 @@ func Safe(raw string) template.HTML {
|
||||||
}
|
}
|
||||||
|
|
||||||
func Str2html(raw string) template.HTML {
|
func Str2html(raw string) template.HTML {
|
||||||
return template.HTML(base.BuildSanitizer().Sanitize(raw))
|
return template.HTML(base.Sanitizer.Sanitize(raw))
|
||||||
}
|
}
|
||||||
|
|
||||||
func Range(l int) []int {
|
func Range(l int) []int {
|
||||||
|
|
|
@ -91,6 +91,9 @@ func GlobalInit() {
|
||||||
ssh.Listen(setting.SSHPort)
|
ssh.Listen(setting.SSHPort)
|
||||||
log.Info("SSH server started on :%v", setting.SSHPort)
|
log.Info("SSH server started on :%v", setting.SSHPort)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Build Sanitizer
|
||||||
|
base.BuildSanitizer()
|
||||||
}
|
}
|
||||||
|
|
||||||
func InstallInit(ctx *middleware.Context) {
|
func InstallInit(ctx *middleware.Context) {
|
||||||
|
|
Loading…
Reference in a new issue