authorwxiaoguang <wxiaoguang@gmail.com>2024-03-04 20:02:45 +0800
committerGitHub <noreply@github.com>2024-03-04 12:02:45 +0000
commitdae7f1ebdbe19620f40e110b285f7c0ecd0bb33b (patch)
treede769b87f498ff4e2ee87828adcc2ea5da8ae5e4
parente91733468ef726fc9365aa4820cdd5f2ddfdaa23 (diff)
Remove unnecessary SanitizeHTML from code (#29575)
* "mail/issue/default.tmpl": the body is rendered by backend `markdown.RenderString() HTML`, it has been already sanitized * "repo/settings/webhook/base_list.tmpl": "Description" is prepared by backend `ctx.Tr`, it doesn't need to be sanitized
-rw-r--r--docs/content/administration/mail-templates.en-us.md2
-rw-r--r--docs/content/administration/mail-templates.zh-cn.md2
-rw-r--r--modules/templates/helper.go10
-rw-r--r--modules/templates/helper_test.go1
-rw-r--r--templates/mail/issue/default.tmpl2
-rw-r--r--templates/repo/settings/webhook/base_list.tmpl2
-rw-r--r--templates/status/500.tmpl2
7 files changed, 7 insertions, 14 deletions
diff --git a/docs/content/administration/mail-templates.en-us.md b/docs/content/administration/mail-templates.en-us.md
index 0154fe55d0..4026b89975 100644
--- a/docs/content/administration/mail-templates.en-us.md
+++ b/docs/content/administration/mail-templates.en-us.md
@@ -224,7 +224,7 @@ Please check [Gitea's logs](administration/logging-config.md) for error messages
{{if not (eq .Body "")}}
<h3>Message content</h3>
<hr>
- {{.Body | SanitizeHTML}}
+ {{.Body}}
{{end}}
</p>
<hr>
diff --git a/docs/content/administration/mail-templates.zh-cn.md b/docs/content/administration/mail-templates.zh-cn.md
index e8c2817336..3c7c2a9397 100644
--- a/docs/content/administration/mail-templates.zh-cn.md
+++ b/docs/content/administration/mail-templates.zh-cn.md
@@ -207,7 +207,7 @@ _主题_ 和 _邮件正文_ 由 [Golang的模板引擎](https://go.dev/pkg/text/
{{if not (eq .Body "")}}
<h3>消息内容:</h3>
<hr>
- {{.Body | SanitizeHTML}}
+ {{.Body}}
{{end}}
</p>
<hr>
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 1487fce69d..0997239a55 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -208,14 +208,8 @@ func SafeHTML(s any) template.HTML {
}
// SanitizeHTML sanitizes the input by pre-defined markdown rules
-func SanitizeHTML(s any) template.HTML {
- switch v := s.(type) {
- case string:
- return template.HTML(markup.Sanitize(v))
- case template.HTML:
- return template.HTML(markup.Sanitize(string(v)))
- }
- panic(fmt.Sprintf("unexpected type %T", s))
+func SanitizeHTML(s string) template.HTML {
+ return template.HTML(markup.Sanitize(s))
}
func HTMLEscape(s any) template.HTML {
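Review bot: Narrowing the parameter in `func SanitizeHTML(s string) template.HTML` moves the failure for a `template.HTML` argument from the removed explicit `panic` to a wrong-type error raised by html/template at execution time, so any template not touched by this commit that still pipes rendered HTML into `SanitizeHTML` will only break when that page is rendered. The doc comment still reads as if any input is accepted; it would help to state the new contract, e.g. `// SanitizeHTML sanitizes the input by pre-defined markdown rules. It takes only string input; values that are already template.HTML (e.g. rendered markdown) are expected to be sanitized upstream and must not be piped through it.` HTMLEscape begins on the hunk's last line and continues outside it.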
diff --git a/modules/templates/helper_test.go b/modules/templates/helper_test.go
index 3365278ac2..64f29d033e 100644
--- a/modules/templates/helper_test.go
+++ b/modules/templates/helper_test.go
@@ -64,5 +64,4 @@ func TestHTMLFormat(t *testing.T) {
func TestSanitizeHTML(t *testing.T) {
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
- assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(template.HTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`)))
}
diff --git a/templates/mail/issue/default.tmpl b/templates/mail/issue/default.tmpl
index 021ca3989d..395b118d3e 100644
--- a/templates/mail/issue/default.tmpl
+++ b/templates/mail/issue/default.tmpl
@@ -58,7 +58,7 @@
{{.locale.Tr "mail.issue.action.new" .Doer.Name .Issue.Index}}
{{end}}
{{else}}
- {{.Body | SanitizeHTML}}
+ {{.Body}}
{{end -}}
{{- range .ReviewComments}}
<hr>
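Review bot: Dropping `| SanitizeHTML` on `{{.Body}}` makes the safety of this line rest entirely on the backend invariant stated in the description (that `.Body` is `template.HTML` produced by the sanitizing markdown renderer), and the template itself no longer records that assumption; if a later caller fills `.Body` with `template.HTML` from another source, html/template will emit it unescaped. A template comment would keep the contract visible next to the output, e.g. `{{/* .Body is template.HTML already sanitized by the markdown renderer; never assign unsanitized HTML to it */}}`. The same applies to `{{.Description}}` in templates/repo/settings/webhook/base_list.tmpl, where the value is described as coming from `ctx.Tr`. The code that sets .Body is outside this diff, so the sanitization path cannot be confirmed from the hunk.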
diff --git a/templates/repo/settings/webhook/base_list.tmpl b/templates/repo/settings/webhook/base_list.tmpl
index 00f9a48ba7..e56929b70f 100644
--- a/templates/repo/settings/webhook/base_list.tmpl
+++ b/templates/repo/settings/webhook/base_list.tmpl
@@ -10,7 +10,7 @@
<div class="ui attached segment">
<div class="ui list">
<div class="item">
- {{.Description | SanitizeHTML}}
+ {{.Description}}
</div>
{{range .Webhooks}}
<div class="item truncated-item-container">
diff --git a/templates/status/500.tmpl b/templates/status/500.tmpl
index 58795e4bc0..03d0183280 100644
--- a/templates/status/500.tmpl
+++ b/templates/status/500.tmpl
@@ -1,5 +1,5 @@
{{/* This page should only depend the minimal template functions/variables, to avoid triggering new panics.
-* base template functions: AppName, AssetUrlPrefix, AssetVersion, AppSubUrl, ThemeName, SanitizeHTML
+* base template functions: AppName, AssetUrlPrefix, AssetVersion, AppSubUrl, ThemeName
* ctx.Locale
* .Flash
* .ErrorMsg