author | guillep2k <18600385+guillep2k@users.noreply.github.com> | 2019-10-14 22:31:09 -0300 |
---|---|---|
committer | zeripath <art27@cantab.net> | 2019-10-15 02:31:09 +0100 |
commit | cea8ea5ae64bbb287ed7011c6fc2e51ccdfb9cb3 (patch) | |
tree | 00c5b6906745fcefed54442ce43e38477218f685 /modules/markup/sanitizer.go | |
parent | 8ad26976114c4fed6269a40e52632d065167bd20 (diff) | |
download | gitea-cea8ea5ae64bbb287ed7011c6fc2e51ccdfb9cb3.tar.gz gitea-cea8ea5ae64bbb287ed7011c6fc2e51ccdfb9cb3.zip |
Support inline rendering of CUSTOM_URL_SCHEMES (#8496)
* Support inline rendering of CUSTOM_URL_SCHEMES
* Fix lint
* Add tests
* Fix lint
Diffstat (limited to 'modules/markup/sanitizer.go')
-rw-r--r-- | modules/markup/sanitizer.go | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
index fd6f90b2ab..f873e8105e 100644
--- a/modules/markup/sanitizer.go
+++ b/modules/markup/sanitizer.go
@@ -28,20 +28,26 @@ var sanitizer = &Sanitizer{}
 // entire application lifecycle.
 func NewSanitizer() {
 sanitizer.init.Do(func() {
- sanitizer.policy = bluemonday.UGCPolicy()
- // We only want to allow HighlightJS specific classes for code blocks
- sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code")
+ ReplaceSanitizer()
+ })
+}
- // Checkboxes
- sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
- sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input")
+// ReplaceSanitizer replaces the current sanitizer to account for changes in settings
+func ReplaceSanitizer() {
+ sanitizer = &Sanitizer{}
+ sanitizer.policy = bluemonday.UGCPolicy()
+ // We only want to allow HighlightJS specific classes for code blocks
+ sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code")
- // Custom URL-Schemes
- sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
+ // Checkboxes
+ sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
+ sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input")
- // Allow keyword markup
- sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^` + keywordClass + `$`)).OnElements("span")
- })
+ // Custom URL-Schemes
+ sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
+
+ // Allow keyword markup
+ sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^` + keywordClass + `$`)).OnElements("span")
 }
 // Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist. |
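Review bot: `sanitizer = &Sanitizer{}` at the top of ReplaceSanitizer swaps in a struct with a fresh `init` sync.Once, so when NewSanitizer runs it inside `sanitizer.init.Do` the guard that completes belongs to the discarded struct and the next NewSanitizer call would rebuild the policy again; the "only create one instance" promise in the doc comment no longer holds. The swap is also unsynchronised: a goroutine sanitising user HTML between that assignment and `sanitizer.policy = bluemonday.UGCPolicy()` would dereference a nil policy, and one arriving slightly later would use a policy that is still missing rules. I would build the policy in a local and publish it with a single assignment to `sanitizer.policy`, keeping the existing struct; if ReplaceSanitizer can run while pages are being rendered, that assignment still needs a lock or an atomic pointer. Both functions are complete within the hunk, but Sanitize's body lies outside it, so how often it reaches NewSanitizer is not visible here.

```go
func ReplaceSanitizer() {
	// Build the complete policy first so readers never observe a half-configured one.
	policy := bluemonday.UGCPolicy()
	policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code")
	// … unchanged: checkbox, custom URL scheme and keyword rules, applied to policy …

	// Keep the existing Sanitizer (and its sync.Once) and publish the finished policy in one assignment.
	sanitizer.policy = policy
}
```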