authorwxiaoguang <wxiaoguang@gmail.com>2024-11-18 13:25:42 +0800
committerGitHub <noreply@github.com>2024-11-18 13:25:42 +0800
commit8a20fba8eb1ac01a0de9355eff84af69d4636d96 (patch)
treebf37fa52f688a31b6cf8d4879438020b108235cc /modules/htmlutil
parent4f879a00df029e09b40f64bf8de0572704766115 (diff)
downloadgitea-8a20fba8eb1ac01a0de9355eff84af69d4636d96.tar.gz
gitea-8a20fba8eb1ac01a0de9355eff84af69d4636d96.zip
Refactor markup render system (#32533)
Remove unmaintainable sanitizer rules. There is no need to add special "class" regexp rules anymore; use RenderInternal.SafeAttr instead. More details (and examples) are in the tests.
Diffstat (limited to 'modules/htmlutil')
-rw-r--r--modules/htmlutil/html.go48
-rw-r--r--modules/htmlutil/html_test.go15
2 files changed, 63 insertions, 0 deletions
diff --git a/modules/htmlutil/html.go b/modules/htmlutil/html.go
new file mode 100644
index 0000000000..9b5f5a92d8
--- /dev/null
+++ b/modules/htmlutil/html.go
@@ -0,0 +1,48 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package htmlutil
+
+import (
+ "fmt"
+ "html/template"
+ "slices"
+)
+
+// ParseSizeAndClass get size and class from string with default values
+// If present, "others" expects the new size first and then the classes to use
+func ParseSizeAndClass(defaultSize int, defaultClass string, others ...any) (int, string) {
+ size := defaultSize
+ if len(others) >= 1 {
+ if v, ok := others[0].(int); ok && v != 0 {
+ size = v
+ }
+ }
+ class := defaultClass
+ if len(others) >= 2 {
+ if v, ok := others[1].(string); ok && v != "" {
+ if class != "" {
+ class += " "
+ }
+ class += v
+ }
+ }
+ return size, class
+}
+
+func HTMLFormat(s string, rawArgs ...any) template.HTML {
+ args := slices.Clone(rawArgs)
+ for i, v := range args {
+ switch v := v.(type) {
+ case nil, bool, int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64, float32, float64, template.HTML:
+ // for most basic types (including template.HTML which is safe), just do nothing and use it
+ case string:
+ args[i] = template.HTMLEscapeString(v)
+ case fmt.Stringer:
+ args[i] = template.HTMLEscapeString(v.String())
+ default:
+ args[i] = template.HTMLEscapeString(fmt.Sprint(v))
+ }
+ }
+ return template.HTML(fmt.Sprintf(s, args...))
+}
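Review bot: HTMLFormat, at the end of this hunk, is exported without a doc comment, so its safety contract is not stated anywhere in the new file. The format string `s` is emitted verbatim as HTML and any `template.HTML` argument is passed through unescaped, so both have to come from trusted code and never from request data. All other non-numeric arguments go through `template.HTMLEscapeString`, which is adequate for element text and quoted attribute values but does not check URL schemes in `href`/`src` and does not make a value safe in an unquoted attribute or inside `<script>`/`<style>`. I would add a comment such as `// HTMLFormat formats the trusted, constant format string s; args are HTML-escaped except template.HTML, which is used as-is.` followed by `// It is not context-aware: do not use it to place untrusted values in URLs, unquoted attributes or script/style content.`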
diff --git a/modules/htmlutil/html_test.go b/modules/htmlutil/html_test.go
new file mode 100644
index 0000000000..5ff05d75b3
--- /dev/null
+++ b/modules/htmlutil/html_test.go
@@ -0,0 +1,15 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package htmlutil
+
+import (
+ "html/template"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestHTMLFormat(t *testing.T) {
+ assert.Equal(t, template.HTML("<a>&lt; < 1</a>"), HTMLFormat("<a>%s %s %d</a>", "<", template.HTML("<"), 1))
+}
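Review bot: The single assertion in TestHTMLFormat pins only the string, `template.HTML` and int branches, so the `fmt.Stringer` and default branches and the quote escaping that attribute values rely on can regress unnoticed. Since this helper is the escaping boundary for callers, I would add at least `assert.Equal(t, template.HTML("<a title=\"&#34;\">"), HTMLFormat("<a title=\"%s\">", "\""))` for the attribute case and `assert.Equal(t, template.HTML("&lt;"), HTMLFormat("%s", template.URL("<")))` for the default branch (a named string type that is neither `string` nor a Stringer). A case with a small type implementing `String()` that returns markup would cover the remaining branch.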