source.dussan.org Git - gitea.git/commit
Markdown: Sanitizer Configuration (#9075)
author Alexander Scheel <alexander.m.scheel@gmail.com>
Sat, 7 Dec 2019 19:49:04 +0000 (14:49 -0500)
committer techknowlogick <techknowlogick@gitea.io>
Sat, 7 Dec 2019 19:49:04 +0000 (14:49 -0500)
commit ee7df7ba8c5e6a4b32b0c4048d2b535d8df3cbe9
tree 73229ccd7b291bc1c48fa2aed78cdf1dd7100b6f
parent cecc31951c1b12864e13a2dd148a5e96c74d9a5c

* Support custom sanitization policy

Allowing the Gitea administrator to configure sanitization policy allows
them to couple external renderers and custom templates to support more
markup. In particular, the `pandoc` renderer allows generating KaTeX
annotations, wrapping them in `<span>` elements with class `math` and
either `inline` or `display` (depending on whether or not inline or
block mode was requested).

This iteration gives the administrator whitelisting powers; carefully
crafted regexes will thus let through only the desired attributes
necessary to support their custom markup.

Resolves: #9054

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Document new sanitization configuration

 - Adds basic documentation to app.ini.sample,
 - Adds an example to the Configuration Cheat Sheet, and
 - Adds extended information to External Renderers section.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Drop extraneous length check in newMarkupSanitizer(...)

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix plural ELEMENT and ALLOW_ATTR in docs

These were left over from their initial names. Make them singular to
conform with the current expectations.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
custom/conf/app.ini.sample
docs/content/doc/advanced/config-cheat-sheet.en-us.md
docs/content/doc/advanced/external-renderers.en-us.md
modules/markup/sanitizer.go
modules/setting/markup.go
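
The commit message's point about "carefully crafted regexes" can be checked before a pattern goes into the configuration. The following is an added example, not code from this commit or from Gitea: it compares an unanchored and an anchored allow-list pattern for the `class` attribute on `<span>`, using only Go's `regexp` package. Both patterns, the sample values and the helper names `allowed` and `audit` are constructed for illustration, and the code models only the regex match, not the sanitizer itself.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	// Loose (constructed): unanchored, so any value that merely
	// contains one of the words is accepted.
	loosePolicy = regexp.MustCompile(`math|inline|display`)
	// Strict (constructed): anchored at both ends; every
	// whitespace-separated token must be math, inline or display.
	strictPolicy = regexp.MustCompile(`^\s*((math|inline|display)(\s+|$))+$`)
)

// Constructed sample class values: three that pandoc-style math
// markup needs, two that should not pass, and the empty string.
var samples = []string{
	"math inline", "math display", "math",
	"math site-banner", "aftermath", "",
}

// allowed reports whether an attribute value passes the allow-list regex.
func allowed(policy *regexp.Regexp, value string) bool {
	return policy.MatchString(value)
}

// audit returns the sample values that a policy lets through.
func audit(policy *regexp.Regexp, values []string) []string {
	var passed []string
	for _, v := range values {
		if allowed(policy, v) {
			passed = append(passed, v)
		}
	}
	return passed
}

func main() {
	fmt.Println("loose :", strings.Join(audit(loosePolicy, samples), " | "))
	fmt.Println("strict:", strings.Join(audit(strictPolicy, samples), " | "))
}
```

The unanchored pattern accepts `math site-banner` and `aftermath`; the anchored one accepts only the three intended values.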