author | Hongcai Deng <admin@dhchouse.com> | 2015-09-10 09:06:09 +0800 |
---|---|---|
committer | Hongcai Deng <admin@dhchouse.com> | 2015-09-10 09:06:09 +0800 |
commit | e4d4662074472106f6a2baeb202f242196565482 (patch) | |
tree | bdc08e5bd967e5d1e28cd5c83d6b2a4e1fc1d0c9 /modules/base | |
parent | 357c002c033868f4211dc4daf9c701645664fd61 (diff) | |
download | gitea-e4d4662074472106f6a2baeb202f242196565482.tar.gz gitea-e4d4662074472106f6a2baeb202f242196565482.zip |
add regexp to restrict `<code class=""></code>`
Diffstat (limited to 'modules/base')
-rw-r--r-- | modules/base/tool.go | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 0fa5648191..fa5202366a 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -15,6 +15,7 @@ import (
 "hash"
 "html/template"
 "math"
+ "regexp"
 "strings"
 "time"
 
@@ -26,11 +27,8 @@ import (
 "github.com/gogits/gogs/modules/setting"
 )
 
-var Sanitizer = bluemonday.UGCPolicy()
+var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
 
-func init() {
- Sanitizer.AllowAttrs("class").OnElements("code")
-}
 
 // Encode string to md5 hex value.
 func EncodeMd5(str string) string { |
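Review bot: The pattern given to `Matching` in the new `Sanitizer` declaration is unanchored and ends in `*`, so it matches the empty string at the start of any input. As far as I know bluemonday checks attribute values with a plain `MatchString`, which means every `class` value on `<code>` would still pass and the restriction has no effect. Anchor the expression and require at least one character: `regexp.MustCompile(`^[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]+$`)`. A unit test that sanitizes a `<code>` element whose class contains a character outside the set (for example `;` or `{`) and asserts the attribute is dropped would pin the intended behaviour. Hoisting the compiled pattern into a named package-level variable with a short comment on why each punctuation character is allowed would also make this long one-liner easier to audit.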