mirror of
https://github.com/go-gitea/gitea
synced 2024-11-05 13:49:10 +01:00
792b4dba2c
* update github.com/blevesearch/bleve v2.0.2 -> v2.0.3 * github.com/denisenkom/go-mssqldb v0.9.0 -> v0.10.0 * github.com/editorconfig/editorconfig-core-go v2.4.1 -> v2.4.2 * github.com/go-chi/cors v1.1.1 -> v1.2.0 * github.com/go-git/go-billy v5.0.0 -> v5.1.0 * github.com/go-git/go-git v5.2.0 -> v5.3.0 * github.com/go-ldap/ldap v3.2.4 -> v3.3.0 * github.com/go-redis/redis v8.6.0 -> v8.8.2 * github.com/go-sql-driver/mysql v1.5.0 -> v1.6.0 * github.com/go-swagger/go-swagger v0.26.1 -> v0.27.0 * github.com/lib/pq v1.9.0 -> v1.10.1 * github.com/mattn/go-sqlite3 v1.14.6 -> v1.14.7 * github.com/go-testfixtures/testfixtures v3.5.0 -> v3.6.0 * github.com/issue9/identicon v1.0.1 -> v1.2.0 * github.com/klauspost/compress v1.11.8 -> v1.12.1 * github.com/mgechev/revive v1.0.3 -> v1.0.6 * github.com/microcosm-cc/bluemonday v1.0.7 -> v1.0.8 * github.com/niklasfasching/go-org v1.4.0 -> v1.5.0 * github.com/olivere/elastic v7.0.22 -> v7.0.24 * github.com/pelletier/go-toml v1.8.1 -> v1.9.0 * github.com/prometheus/client_golang v1.9.0 -> v1.10.0 * github.com/xanzy/go-gitlab v0.44.0 -> v0.48.0 * github.com/yuin/goldmark v1.3.3 -> v1.3.5 * github.com/6543/go-version v1.2.4 -> v1.3.1 * do github.com/lib/pq v1.10.0 -> v1.10.1 again ...
805 lines
21 KiB
Go
Vendored
805 lines
21 KiB
Go
Vendored
package html
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"strconv"
|
|
|
|
"github.com/yuin/goldmark/ast"
|
|
"github.com/yuin/goldmark/renderer"
|
|
"github.com/yuin/goldmark/util"
|
|
)
|
|
|
|
// A Config struct has configurations for the HTML based renderers.
|
|
type Config struct {
|
|
Writer Writer
|
|
HardWraps bool
|
|
XHTML bool
|
|
Unsafe bool
|
|
}
|
|
|
|
// NewConfig returns a new Config with defaults.
|
|
func NewConfig() Config {
|
|
return Config{
|
|
Writer: DefaultWriter,
|
|
HardWraps: false,
|
|
XHTML: false,
|
|
Unsafe: false,
|
|
}
|
|
}
|
|
|
|
// SetOption implements renderer.NodeRenderer.SetOption.
|
|
func (c *Config) SetOption(name renderer.OptionName, value interface{}) {
|
|
switch name {
|
|
case optHardWraps:
|
|
c.HardWraps = value.(bool)
|
|
case optXHTML:
|
|
c.XHTML = value.(bool)
|
|
case optUnsafe:
|
|
c.Unsafe = value.(bool)
|
|
case optTextWriter:
|
|
c.Writer = value.(Writer)
|
|
}
|
|
}
|
|
|
|
// An Option interface sets options for HTML based renderers.
|
|
type Option interface {
|
|
SetHTMLOption(*Config)
|
|
}
|
|
|
|
// TextWriter is an option name used in WithWriter.
|
|
const optTextWriter renderer.OptionName = "Writer"
|
|
|
|
type withWriter struct {
|
|
value Writer
|
|
}
|
|
|
|
func (o *withWriter) SetConfig(c *renderer.Config) {
|
|
c.Options[optTextWriter] = o.value
|
|
}
|
|
|
|
func (o *withWriter) SetHTMLOption(c *Config) {
|
|
c.Writer = o.value
|
|
}
|
|
|
|
// WithWriter is a functional option that allow you to set the given writer to
|
|
// the renderer.
|
|
func WithWriter(writer Writer) interface {
|
|
renderer.Option
|
|
Option
|
|
} {
|
|
return &withWriter{writer}
|
|
}
|
|
|
|
// HardWraps is an option name used in WithHardWraps.
|
|
const optHardWraps renderer.OptionName = "HardWraps"
|
|
|
|
type withHardWraps struct {
|
|
}
|
|
|
|
func (o *withHardWraps) SetConfig(c *renderer.Config) {
|
|
c.Options[optHardWraps] = true
|
|
}
|
|
|
|
func (o *withHardWraps) SetHTMLOption(c *Config) {
|
|
c.HardWraps = true
|
|
}
|
|
|
|
// WithHardWraps is a functional option that indicates whether softline breaks
|
|
// should be rendered as '<br>'.
|
|
func WithHardWraps() interface {
|
|
renderer.Option
|
|
Option
|
|
} {
|
|
return &withHardWraps{}
|
|
}
|
|
|
|
// XHTML is an option name used in WithXHTML.
|
|
const optXHTML renderer.OptionName = "XHTML"
|
|
|
|
type withXHTML struct {
|
|
}
|
|
|
|
func (o *withXHTML) SetConfig(c *renderer.Config) {
|
|
c.Options[optXHTML] = true
|
|
}
|
|
|
|
func (o *withXHTML) SetHTMLOption(c *Config) {
|
|
c.XHTML = true
|
|
}
|
|
|
|
// WithXHTML is a functional option indicates that nodes should be rendered in
|
|
// xhtml instead of HTML5.
|
|
func WithXHTML() interface {
|
|
Option
|
|
renderer.Option
|
|
} {
|
|
return &withXHTML{}
|
|
}
|
|
|
|
// Unsafe is an option name used in WithUnsafe.
|
|
const optUnsafe renderer.OptionName = "Unsafe"
|
|
|
|
type withUnsafe struct {
|
|
}
|
|
|
|
func (o *withUnsafe) SetConfig(c *renderer.Config) {
|
|
c.Options[optUnsafe] = true
|
|
}
|
|
|
|
func (o *withUnsafe) SetHTMLOption(c *Config) {
|
|
c.Unsafe = true
|
|
}
|
|
|
|
// WithUnsafe is a functional option that renders dangerous contents
|
|
// (raw htmls and potentially dangerous links) as it is.
|
|
func WithUnsafe() interface {
|
|
renderer.Option
|
|
Option
|
|
} {
|
|
return &withUnsafe{}
|
|
}
|
|
|
|
// A Renderer struct is an implementation of renderer.NodeRenderer that renders
|
|
// nodes as (X)HTML.
|
|
type Renderer struct {
|
|
Config
|
|
}
|
|
|
|
// NewRenderer returns a new Renderer with given options.
|
|
func NewRenderer(opts ...Option) renderer.NodeRenderer {
|
|
r := &Renderer{
|
|
Config: NewConfig(),
|
|
}
|
|
|
|
for _, opt := range opts {
|
|
opt.SetHTMLOption(&r.Config)
|
|
}
|
|
return r
|
|
}
|
|
|
|
// RegisterFuncs implements NodeRenderer.RegisterFuncs .
|
|
func (r *Renderer) RegisterFuncs(reg renderer.NodeRendererFuncRegisterer) {
|
|
// blocks
|
|
|
|
reg.Register(ast.KindDocument, r.renderDocument)
|
|
reg.Register(ast.KindHeading, r.renderHeading)
|
|
reg.Register(ast.KindBlockquote, r.renderBlockquote)
|
|
reg.Register(ast.KindCodeBlock, r.renderCodeBlock)
|
|
reg.Register(ast.KindFencedCodeBlock, r.renderFencedCodeBlock)
|
|
reg.Register(ast.KindHTMLBlock, r.renderHTMLBlock)
|
|
reg.Register(ast.KindList, r.renderList)
|
|
reg.Register(ast.KindListItem, r.renderListItem)
|
|
reg.Register(ast.KindParagraph, r.renderParagraph)
|
|
reg.Register(ast.KindTextBlock, r.renderTextBlock)
|
|
reg.Register(ast.KindThematicBreak, r.renderThematicBreak)
|
|
|
|
// inlines
|
|
|
|
reg.Register(ast.KindAutoLink, r.renderAutoLink)
|
|
reg.Register(ast.KindCodeSpan, r.renderCodeSpan)
|
|
reg.Register(ast.KindEmphasis, r.renderEmphasis)
|
|
reg.Register(ast.KindImage, r.renderImage)
|
|
reg.Register(ast.KindLink, r.renderLink)
|
|
reg.Register(ast.KindRawHTML, r.renderRawHTML)
|
|
reg.Register(ast.KindText, r.renderText)
|
|
reg.Register(ast.KindString, r.renderString)
|
|
}
|
|
|
|
func (r *Renderer) writeLines(w util.BufWriter, source []byte, n ast.Node) {
|
|
l := n.Lines().Len()
|
|
for i := 0; i < l; i++ {
|
|
line := n.Lines().At(i)
|
|
r.Writer.RawWrite(w, line.Value(source))
|
|
}
|
|
}
|
|
|
|
// GlobalAttributeFilter defines attribute names which any elements can have.
|
|
var GlobalAttributeFilter = util.NewBytesFilter(
|
|
[]byte("accesskey"),
|
|
[]byte("autocapitalize"),
|
|
[]byte("class"),
|
|
[]byte("contenteditable"),
|
|
[]byte("contextmenu"),
|
|
[]byte("dir"),
|
|
[]byte("draggable"),
|
|
[]byte("dropzone"),
|
|
[]byte("hidden"),
|
|
[]byte("id"),
|
|
[]byte("itemprop"),
|
|
[]byte("lang"),
|
|
[]byte("slot"),
|
|
[]byte("spellcheck"),
|
|
[]byte("style"),
|
|
[]byte("tabindex"),
|
|
[]byte("title"),
|
|
[]byte("translate"),
|
|
)
|
|
|
|
func (r *Renderer) renderDocument(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
// nothing to do
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// HeadingAttributeFilter defines attribute names which heading elements can have
|
|
var HeadingAttributeFilter = GlobalAttributeFilter
|
|
|
|
func (r *Renderer) renderHeading(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
n := node.(*ast.Heading)
|
|
if entering {
|
|
_, _ = w.WriteString("<h")
|
|
_ = w.WriteByte("0123456"[n.Level])
|
|
if n.Attributes() != nil {
|
|
RenderAttributes(w, node, HeadingAttributeFilter)
|
|
}
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString("</h")
|
|
_ = w.WriteByte("0123456"[n.Level])
|
|
_, _ = w.WriteString(">\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// BlockquoteAttributeFilter defines attribute names which blockquote elements can have
|
|
var BlockquoteAttributeFilter = GlobalAttributeFilter.Extend(
|
|
[]byte("cite"),
|
|
)
|
|
|
|
func (r *Renderer) renderBlockquote(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if entering {
|
|
if n.Attributes() != nil {
|
|
_, _ = w.WriteString("<blockquote")
|
|
RenderAttributes(w, n, BlockquoteAttributeFilter)
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString("<blockquote>\n")
|
|
}
|
|
} else {
|
|
_, _ = w.WriteString("</blockquote>\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
func (r *Renderer) renderCodeBlock(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if entering {
|
|
_, _ = w.WriteString("<pre><code>")
|
|
r.writeLines(w, source, n)
|
|
} else {
|
|
_, _ = w.WriteString("</code></pre>\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
func (r *Renderer) renderFencedCodeBlock(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
n := node.(*ast.FencedCodeBlock)
|
|
if entering {
|
|
_, _ = w.WriteString("<pre><code")
|
|
language := n.Language(source)
|
|
if language != nil {
|
|
_, _ = w.WriteString(" class=\"language-")
|
|
r.Writer.Write(w, language)
|
|
_, _ = w.WriteString("\"")
|
|
}
|
|
_ = w.WriteByte('>')
|
|
r.writeLines(w, source, n)
|
|
} else {
|
|
_, _ = w.WriteString("</code></pre>\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
func (r *Renderer) renderHTMLBlock(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
n := node.(*ast.HTMLBlock)
|
|
if entering {
|
|
if r.Unsafe {
|
|
l := n.Lines().Len()
|
|
for i := 0; i < l; i++ {
|
|
line := n.Lines().At(i)
|
|
_, _ = w.Write(line.Value(source))
|
|
}
|
|
} else {
|
|
_, _ = w.WriteString("<!-- raw HTML omitted -->\n")
|
|
}
|
|
} else {
|
|
if n.HasClosure() {
|
|
if r.Unsafe {
|
|
closure := n.ClosureLine
|
|
_, _ = w.Write(closure.Value(source))
|
|
} else {
|
|
_, _ = w.WriteString("<!-- raw HTML omitted -->\n")
|
|
}
|
|
}
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// ListAttributeFilter defines attribute names which list elements can have.
|
|
var ListAttributeFilter = GlobalAttributeFilter.Extend(
|
|
[]byte("start"),
|
|
[]byte("reversed"),
|
|
[]byte("type"),
|
|
)
|
|
|
|
func (r *Renderer) renderList(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
n := node.(*ast.List)
|
|
tag := "ul"
|
|
if n.IsOrdered() {
|
|
tag = "ol"
|
|
}
|
|
if entering {
|
|
_ = w.WriteByte('<')
|
|
_, _ = w.WriteString(tag)
|
|
if n.IsOrdered() && n.Start != 1 {
|
|
fmt.Fprintf(w, " start=\"%d\"", n.Start)
|
|
}
|
|
if n.Attributes() != nil {
|
|
RenderAttributes(w, n, ListAttributeFilter)
|
|
}
|
|
_, _ = w.WriteString(">\n")
|
|
} else {
|
|
_, _ = w.WriteString("</")
|
|
_, _ = w.WriteString(tag)
|
|
_, _ = w.WriteString(">\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// ListItemAttributeFilter defines attribute names which list item elements can have.
|
|
var ListItemAttributeFilter = GlobalAttributeFilter.Extend(
|
|
[]byte("value"),
|
|
)
|
|
|
|
func (r *Renderer) renderListItem(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if entering {
|
|
if n.Attributes() != nil {
|
|
_, _ = w.WriteString("<li")
|
|
RenderAttributes(w, n, ListItemAttributeFilter)
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString("<li>")
|
|
}
|
|
fc := n.FirstChild()
|
|
if fc != nil {
|
|
if _, ok := fc.(*ast.TextBlock); !ok {
|
|
_ = w.WriteByte('\n')
|
|
}
|
|
}
|
|
} else {
|
|
_, _ = w.WriteString("</li>\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// ParagraphAttributeFilter defines attribute names which paragraph elements can have.
|
|
var ParagraphAttributeFilter = GlobalAttributeFilter
|
|
|
|
func (r *Renderer) renderParagraph(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if entering {
|
|
if n.Attributes() != nil {
|
|
_, _ = w.WriteString("<p")
|
|
RenderAttributes(w, n, ParagraphAttributeFilter)
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString("<p>")
|
|
}
|
|
} else {
|
|
_, _ = w.WriteString("</p>\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
func (r *Renderer) renderTextBlock(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if !entering {
|
|
if _, ok := n.NextSibling().(ast.Node); ok && n.FirstChild() != nil {
|
|
_ = w.WriteByte('\n')
|
|
}
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// ThematicAttributeFilter defines attribute names which hr elements can have.
|
|
var ThematicAttributeFilter = GlobalAttributeFilter.Extend(
|
|
[]byte("align"), // [Deprecated]
|
|
[]byte("color"), // [Not Standardized]
|
|
[]byte("noshade"), // [Deprecated]
|
|
[]byte("size"), // [Deprecated]
|
|
[]byte("width"), // [Deprecated]
|
|
)
|
|
|
|
func (r *Renderer) renderThematicBreak(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if !entering {
|
|
return ast.WalkContinue, nil
|
|
}
|
|
_, _ = w.WriteString("<hr")
|
|
if n.Attributes() != nil {
|
|
RenderAttributes(w, n, ThematicAttributeFilter)
|
|
}
|
|
if r.XHTML {
|
|
_, _ = w.WriteString(" />\n")
|
|
} else {
|
|
_, _ = w.WriteString(">\n")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// LinkAttributeFilter defines attribute names which link elements can have.
|
|
var LinkAttributeFilter = GlobalAttributeFilter.Extend(
|
|
[]byte("download"),
|
|
// []byte("href"),
|
|
[]byte("hreflang"),
|
|
[]byte("media"),
|
|
[]byte("ping"),
|
|
[]byte("referrerpolicy"),
|
|
[]byte("rel"),
|
|
[]byte("shape"),
|
|
[]byte("target"),
|
|
)
|
|
|
|
func (r *Renderer) renderAutoLink(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
n := node.(*ast.AutoLink)
|
|
if !entering {
|
|
return ast.WalkContinue, nil
|
|
}
|
|
_, _ = w.WriteString(`<a href="`)
|
|
url := n.URL(source)
|
|
label := n.Label(source)
|
|
if n.AutoLinkType == ast.AutoLinkEmail && !bytes.HasPrefix(bytes.ToLower(url), []byte("mailto:")) {
|
|
_, _ = w.WriteString("mailto:")
|
|
}
|
|
_, _ = w.Write(util.EscapeHTML(util.URLEscape(url, false)))
|
|
if n.Attributes() != nil {
|
|
_ = w.WriteByte('"')
|
|
RenderAttributes(w, n, LinkAttributeFilter)
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString(`">`)
|
|
}
|
|
_, _ = w.Write(util.EscapeHTML(label))
|
|
_, _ = w.WriteString(`</a>`)
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// CodeAttributeFilter defines attribute names which code elements can have.
|
|
var CodeAttributeFilter = GlobalAttributeFilter
|
|
|
|
func (r *Renderer) renderCodeSpan(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if entering {
|
|
if n.Attributes() != nil {
|
|
_, _ = w.WriteString("<code")
|
|
RenderAttributes(w, n, CodeAttributeFilter)
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString("<code>")
|
|
}
|
|
for c := n.FirstChild(); c != nil; c = c.NextSibling() {
|
|
segment := c.(*ast.Text).Segment
|
|
value := segment.Value(source)
|
|
if bytes.HasSuffix(value, []byte("\n")) {
|
|
r.Writer.RawWrite(w, value[:len(value)-1])
|
|
if c != n.LastChild() {
|
|
r.Writer.RawWrite(w, []byte(" "))
|
|
}
|
|
} else {
|
|
r.Writer.RawWrite(w, value)
|
|
}
|
|
}
|
|
return ast.WalkSkipChildren, nil
|
|
}
|
|
_, _ = w.WriteString("</code>")
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// EmphasisAttributeFilter defines attribute names which emphasis elements can have.
|
|
var EmphasisAttributeFilter = GlobalAttributeFilter
|
|
|
|
func (r *Renderer) renderEmphasis(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
n := node.(*ast.Emphasis)
|
|
tag := "em"
|
|
if n.Level == 2 {
|
|
tag = "strong"
|
|
}
|
|
if entering {
|
|
_ = w.WriteByte('<')
|
|
_, _ = w.WriteString(tag)
|
|
if n.Attributes() != nil {
|
|
RenderAttributes(w, n, EmphasisAttributeFilter)
|
|
}
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString("</")
|
|
_, _ = w.WriteString(tag)
|
|
_ = w.WriteByte('>')
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
func (r *Renderer) renderLink(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
n := node.(*ast.Link)
|
|
if entering {
|
|
_, _ = w.WriteString("<a href=\"")
|
|
if r.Unsafe || !IsDangerousURL(n.Destination) {
|
|
_, _ = w.Write(util.EscapeHTML(util.URLEscape(n.Destination, true)))
|
|
}
|
|
_ = w.WriteByte('"')
|
|
if n.Title != nil {
|
|
_, _ = w.WriteString(` title="`)
|
|
r.Writer.Write(w, n.Title)
|
|
_ = w.WriteByte('"')
|
|
}
|
|
if n.Attributes() != nil {
|
|
RenderAttributes(w, n, LinkAttributeFilter)
|
|
}
|
|
_ = w.WriteByte('>')
|
|
} else {
|
|
_, _ = w.WriteString("</a>")
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
// ImageAttributeFilter defines attribute names which image elements can have.
|
|
var ImageAttributeFilter = GlobalAttributeFilter.Extend(
|
|
[]byte("align"),
|
|
[]byte("border"),
|
|
[]byte("crossorigin"),
|
|
[]byte("decoding"),
|
|
[]byte("height"),
|
|
[]byte("importance"),
|
|
[]byte("intrinsicsize"),
|
|
[]byte("ismap"),
|
|
[]byte("loading"),
|
|
[]byte("referrerpolicy"),
|
|
[]byte("sizes"),
|
|
[]byte("srcset"),
|
|
[]byte("usemap"),
|
|
[]byte("width"),
|
|
)
|
|
|
|
func (r *Renderer) renderImage(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if !entering {
|
|
return ast.WalkContinue, nil
|
|
}
|
|
n := node.(*ast.Image)
|
|
_, _ = w.WriteString("<img src=\"")
|
|
if r.Unsafe || !IsDangerousURL(n.Destination) {
|
|
_, _ = w.Write(util.EscapeHTML(util.URLEscape(n.Destination, true)))
|
|
}
|
|
_, _ = w.WriteString(`" alt="`)
|
|
_, _ = w.Write(util.EscapeHTML(n.Text(source)))
|
|
_ = w.WriteByte('"')
|
|
if n.Title != nil {
|
|
_, _ = w.WriteString(` title="`)
|
|
r.Writer.Write(w, n.Title)
|
|
_ = w.WriteByte('"')
|
|
}
|
|
if n.Attributes() != nil {
|
|
RenderAttributes(w, n, ImageAttributeFilter)
|
|
}
|
|
if r.XHTML {
|
|
_, _ = w.WriteString(" />")
|
|
} else {
|
|
_, _ = w.WriteString(">")
|
|
}
|
|
return ast.WalkSkipChildren, nil
|
|
}
|
|
|
|
func (r *Renderer) renderRawHTML(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if !entering {
|
|
return ast.WalkSkipChildren, nil
|
|
}
|
|
if r.Unsafe {
|
|
n := node.(*ast.RawHTML)
|
|
l := n.Segments.Len()
|
|
for i := 0; i < l; i++ {
|
|
segment := n.Segments.At(i)
|
|
_, _ = w.Write(segment.Value(source))
|
|
}
|
|
return ast.WalkSkipChildren, nil
|
|
}
|
|
_, _ = w.WriteString("<!-- raw HTML omitted -->")
|
|
return ast.WalkSkipChildren, nil
|
|
}
|
|
|
|
func (r *Renderer) renderText(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if !entering {
|
|
return ast.WalkContinue, nil
|
|
}
|
|
n := node.(*ast.Text)
|
|
segment := n.Segment
|
|
if n.IsRaw() {
|
|
r.Writer.RawWrite(w, segment.Value(source))
|
|
} else {
|
|
r.Writer.Write(w, segment.Value(source))
|
|
if n.HardLineBreak() || (n.SoftLineBreak() && r.HardWraps) {
|
|
if r.XHTML {
|
|
_, _ = w.WriteString("<br />\n")
|
|
} else {
|
|
_, _ = w.WriteString("<br>\n")
|
|
}
|
|
} else if n.SoftLineBreak() {
|
|
_ = w.WriteByte('\n')
|
|
}
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
func (r *Renderer) renderString(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
|
|
if !entering {
|
|
return ast.WalkContinue, nil
|
|
}
|
|
n := node.(*ast.String)
|
|
if n.IsCode() {
|
|
_, _ = w.Write(n.Value)
|
|
} else {
|
|
if n.IsRaw() {
|
|
r.Writer.RawWrite(w, n.Value)
|
|
} else {
|
|
r.Writer.Write(w, n.Value)
|
|
}
|
|
}
|
|
return ast.WalkContinue, nil
|
|
}
|
|
|
|
var dataPrefix = []byte("data-")
|
|
|
|
// RenderAttributes renders given node's attributes.
|
|
// You can specify attribute names to render by the filter.
|
|
// If filter is nil, RenderAttributes renders all attributes.
|
|
func RenderAttributes(w util.BufWriter, node ast.Node, filter util.BytesFilter) {
|
|
for _, attr := range node.Attributes() {
|
|
if filter != nil && !filter.Contains(attr.Name) {
|
|
if !bytes.HasPrefix(attr.Name, dataPrefix) {
|
|
continue
|
|
}
|
|
}
|
|
_, _ = w.WriteString(" ")
|
|
_, _ = w.Write(attr.Name)
|
|
_, _ = w.WriteString(`="`)
|
|
// TODO: convert numeric values to strings
|
|
_, _ = w.Write(util.EscapeHTML(attr.Value.([]byte)))
|
|
_ = w.WriteByte('"')
|
|
}
|
|
}
|
|
|
|
// A Writer interface writes textual contents to a writer.
|
|
type Writer interface {
|
|
// Write writes the given source to writer with resolving references and unescaping
|
|
// backslash escaped characters.
|
|
Write(writer util.BufWriter, source []byte)
|
|
|
|
// RawWrite writes the given source to writer without resolving references and
|
|
// unescaping backslash escaped characters.
|
|
RawWrite(writer util.BufWriter, source []byte)
|
|
}
|
|
|
|
type defaultWriter struct {
|
|
}
|
|
|
|
func escapeRune(writer util.BufWriter, r rune) {
|
|
if r < 256 {
|
|
v := util.EscapeHTMLByte(byte(r))
|
|
if v != nil {
|
|
_, _ = writer.Write(v)
|
|
return
|
|
}
|
|
}
|
|
_, _ = writer.WriteRune(util.ToValidRune(r))
|
|
}
|
|
|
|
func (d *defaultWriter) RawWrite(writer util.BufWriter, source []byte) {
|
|
n := 0
|
|
l := len(source)
|
|
for i := 0; i < l; i++ {
|
|
v := util.EscapeHTMLByte(source[i])
|
|
if v != nil {
|
|
_, _ = writer.Write(source[i-n : i])
|
|
n = 0
|
|
_, _ = writer.Write(v)
|
|
continue
|
|
}
|
|
n++
|
|
}
|
|
if n != 0 {
|
|
_, _ = writer.Write(source[l-n:])
|
|
}
|
|
}
|
|
|
|
func (d *defaultWriter) Write(writer util.BufWriter, source []byte) {
|
|
escaped := false
|
|
var ok bool
|
|
limit := len(source)
|
|
n := 0
|
|
for i := 0; i < limit; i++ {
|
|
c := source[i]
|
|
if escaped {
|
|
if util.IsPunct(c) {
|
|
d.RawWrite(writer, source[n:i-1])
|
|
n = i
|
|
escaped = false
|
|
continue
|
|
}
|
|
}
|
|
if c == '&' {
|
|
pos := i
|
|
next := i + 1
|
|
if next < limit && source[next] == '#' {
|
|
nnext := next + 1
|
|
if nnext < limit {
|
|
nc := source[nnext]
|
|
// code point like #x22;
|
|
if nnext < limit && nc == 'x' || nc == 'X' {
|
|
start := nnext + 1
|
|
i, ok = util.ReadWhile(source, [2]int{start, limit}, util.IsHexDecimal)
|
|
if ok && i < limit && source[i] == ';' {
|
|
v, _ := strconv.ParseUint(util.BytesToReadOnlyString(source[start:i]), 16, 32)
|
|
d.RawWrite(writer, source[n:pos])
|
|
n = i + 1
|
|
escapeRune(writer, rune(v))
|
|
continue
|
|
}
|
|
// code point like #1234;
|
|
} else if nc >= '0' && nc <= '9' {
|
|
start := nnext
|
|
i, ok = util.ReadWhile(source, [2]int{start, limit}, util.IsNumeric)
|
|
if ok && i < limit && i-start < 8 && source[i] == ';' {
|
|
v, _ := strconv.ParseUint(util.BytesToReadOnlyString(source[start:i]), 0, 32)
|
|
d.RawWrite(writer, source[n:pos])
|
|
n = i + 1
|
|
escapeRune(writer, rune(v))
|
|
continue
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
start := next
|
|
i, ok = util.ReadWhile(source, [2]int{start, limit}, util.IsAlphaNumeric)
|
|
// entity reference
|
|
if ok && i < limit && source[i] == ';' {
|
|
name := util.BytesToReadOnlyString(source[start:i])
|
|
entity, ok := util.LookUpHTML5EntityByName(name)
|
|
if ok {
|
|
d.RawWrite(writer, source[n:pos])
|
|
n = i + 1
|
|
d.RawWrite(writer, entity.Characters)
|
|
continue
|
|
}
|
|
}
|
|
}
|
|
i = next - 1
|
|
}
|
|
if c == '\\' {
|
|
escaped = true
|
|
continue
|
|
}
|
|
escaped = false
|
|
}
|
|
d.RawWrite(writer, source[n:])
|
|
}
|
|
|
|
// DefaultWriter is a default implementation of the Writer.
|
|
var DefaultWriter = &defaultWriter{}
|
|
|
|
var bDataImage = []byte("data:image/")
|
|
var bPng = []byte("png;")
|
|
var bGif = []byte("gif;")
|
|
var bJpeg = []byte("jpeg;")
|
|
var bWebp = []byte("webp;")
|
|
var bJs = []byte("javascript:")
|
|
var bVb = []byte("vbscript:")
|
|
var bFile = []byte("file:")
|
|
var bData = []byte("data:")
|
|
|
|
// IsDangerousURL returns true if the given url seems a potentially dangerous url,
|
|
// otherwise false.
|
|
func IsDangerousURL(url []byte) bool {
|
|
if bytes.HasPrefix(url, bDataImage) && len(url) >= 11 {
|
|
v := url[11:]
|
|
if bytes.HasPrefix(v, bPng) || bytes.HasPrefix(v, bGif) ||
|
|
bytes.HasPrefix(v, bJpeg) || bytes.HasPrefix(v, bWebp) {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
return bytes.HasPrefix(url, bJs) || bytes.HasPrefix(url, bVb) ||
|
|
bytes.HasPrefix(url, bFile) || bytes.HasPrefix(url, bData)
|
|
}
|