diff options
author | Unknwon <u@gogs.io> | 2016-02-05 13:11:45 -0500 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2016-02-05 13:11:45 -0500 |
commit | 4e96a4a62b1bfbe07bc97e75478c1289f6b4d5a9 (patch) | |
tree | 789e608ccd186743b8ffb0dc99b4808fa4de23db | |
parent | d4583ebd4b2c1508ce01ea0e7f62dacd223db5c1 (diff) | |
parent | 1ab8a60d737b278c176d0b6204843a79dab0e878 (diff) | |
download | gitea-4e96a4a62b1bfbe07bc97e75478c1289f6b4d5a9.tar.gz gitea-4e96a4a62b1bfbe07bc97e75478c1289f6b4d5a9.zip |
Merge pull request #2406 from bkcsoft/feature/markdown-custom-url-scheme
Feature/markdown custom url scheme
-rw-r--r-- | conf/app.ini | 3 | ||||
-rw-r--r-- | modules/base/markdown.go | 10 | ||||
-rw-r--r-- | modules/base/tool.go | 19 | ||||
-rw-r--r-- | modules/setting/setting.go | 1 | ||||
-rw-r--r-- | routers/install.go | 3 |
5 files changed, 20 insertions, 16 deletions
diff --git a/conf/app.ini b/conf/app.ini index 69829fcaba..34259b77b2 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -41,6 +41,9 @@ ORG_PAGING_NUM = 50 [markdown] ; Enable hard line break extension ENABLE_HARD_LINE_BREAK = false +; List of custom URL-Schemes that are allowed as links when rendering Markdown +; for example git,magnet +CUSTOM_URL_SCHEMES = [server] PROTOCOL = http diff --git a/modules/base/markdown.go b/modules/base/markdown.go index 8b3c8f435c..dac51ebc27 100644 --- a/modules/base/markdown.go +++ b/modules/base/markdown.go @@ -31,16 +31,10 @@ func isalnum(c byte) bool { return (c >= '0' && c <= '9') || isletter(c) } -var validLinks = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")} +var validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`) func isLink(link []byte) bool { - for _, prefix := range validLinks { - if len(link) > len(prefix) && bytes.Equal(bytes.ToLower(link[:len(prefix)]), prefix) && isalnum(link[len(prefix)]) { - return true - } - } - - return false + return validLinksPattern.Match(link) } func IsMarkdownFile(name string) bool { diff --git a/modules/base/tool.go b/modules/base/tool.go index f98ae28b93..ad39db892c 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -31,16 +31,19 @@ import ( "github.com/gogits/gogs/modules/setting" ) -func BuildSanitizer() (p *bluemonday.Policy) { - p = bluemonday.UGCPolicy() - p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") +var Sanitizer = bluemonday.UGCPolicy() - p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") - p.AllowAttrs("checked", "disabled").OnElements("input") - return p -} +func BuildSanitizer() { + // Normal markdown-stuff + Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") + + // Checkboxes + Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") + Sanitizer.AllowAttrs("checked", "disabled").OnElements("input") -var Sanitizer = BuildSanitizer() + // Custom URL-Schemes + Sanitizer.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) +} // EncodeMD5 encodes string to md5 hex value. func EncodeMD5(str string) string { diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 3936546ca6..99b968c880 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -118,6 +118,7 @@ var ( // Markdown sttings Markdown struct { EnableHardLineBreak bool + CustomURLSchemes []string `ini:"CUSTOM_URL_SCHEMES"` } // Picture settings diff --git a/routers/install.go b/routers/install.go index 120aa46851..b311355bf8 100644 --- a/routers/install.go +++ b/routers/install.go @@ -91,6 +91,9 @@ func GlobalInit() { ssh.Listen(setting.SSHPort) log.Info("SSH server started on :%v", setting.SSHPort) } + + // Build Sanitizer + base.BuildSanitizer() } func InstallInit(ctx *middleware.Context) { |