diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2017-09-17 01:17:57 +0800 |
|---|---|---|
| committer | Lauris BH <lauris@nix.lv> | 2017-09-16 20:17:57 +0300 |
| commit | 52e11b24bf5e395d83ea58c1b0fd6922efe16add (patch) | |
| tree | f00c9da35c1f2afc3446b8607217e4d4315959ec /modules/markdown/sanitizer.go | |
| parent | 911ca0215377b34559f2304a22dce863e219b255 (diff) | |
| download | gitea-52e11b24bf5e395d83ea58c1b0fd6922efe16add.tar.gz gitea-52e11b24bf5e395d83ea58c1b0fd6922efe16add.zip | |
Restructure markup & markdown to prepare for multiple markup languageā¦ (#2411)
* restructure markup & markdown to prepare for multiple markup languages support
* adjust some functions between markdown and markup
* fix tests
* improve the comments
Diffstat (limited to 'modules/markdown/sanitizer.go')
| -rw-r--r-- | modules/markdown/sanitizer.go | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/modules/markdown/sanitizer.go b/modules/markdown/sanitizer.go deleted file mode 100644 index cc00c9a1a3..0000000000 --- a/modules/markdown/sanitizer.go +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright 2017 The Gitea Authors. All rights reserved. -// Copyright 2017 The Gogs Authors. All rights reserved. -// Use of this source code is governed by a MIT-style -// license that can be found in the LICENSE file. - -package markdown - -import ( - "regexp" - "sync" - - "code.gitea.io/gitea/modules/setting" - - "github.com/microcosm-cc/bluemonday" -) - -// Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow -// any modification to the underlying policies once it's been created. -type Sanitizer struct { - policy *bluemonday.Policy - init sync.Once -} - -var sanitizer = &Sanitizer{} - -// NewSanitizer initializes sanitizer with allowed attributes based on settings. -// Multiple calls to this function will only create one instance of Sanitizer during -// entire application lifecycle. -func NewSanitizer() { - sanitizer.init.Do(func() { - sanitizer.policy = bluemonday.UGCPolicy() - // We only want to allow HighlightJS specific classes for code blocks - sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code") - - // Checkboxes - sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") - sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input") - - // Custom URL-Schemes - sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) - }) -} - -// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist. -func Sanitize(s string) string { - NewSanitizer() - return sanitizer.policy.Sanitize(s) -} - -// SanitizeBytes takes a []byte slice that contains a HTML fragment or document and applies policy whitelist. -func SanitizeBytes(b []byte) []byte { - if len(b) == 0 { - // nothing to sanitize - return b - } - NewSanitizer() - return sanitizer.policy.SanitizeBytes(b) -} |