summaryrefslogtreecommitdiffstats
path: root/modules/markup
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2020-05-11 00:14:49 +0100
committerGitHub <noreply@github.com>2020-05-11 00:14:49 +0100
commit742e26f5a5dab8768558231cb88801911b9abaa7 (patch)
tree503132c419de71a164f8e8dd236e6146f8f4b7b6 /modules/markup
parentc9187b81164757c67a0f83ef34b001f7d38c264a (diff)
downloadgitea-742e26f5a5dab8768558231cb88801911b9abaa7.tar.gz
gitea-742e26f5a5dab8768558231cb88801911b9abaa7.zip
Prevent 500 with badly formed task list (#11328)
Fix #11317 Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/markup')
-rw-r--r--modules/markup/markdown/goldmark.go38
-rw-r--r--modules/markup/markdown/markdown_test.go8
-rw-r--r--modules/markup/sanitizer.go2
3 files changed, 27 insertions, 21 deletions
diff --git a/modules/markup/markdown/goldmark.go b/modules/markup/markdown/goldmark.go
index 6a40a86836..bf02a22d5e 100644
--- a/modules/markup/markdown/goldmark.go
+++ b/modules/markup/markdown/goldmark.go
@@ -125,24 +125,30 @@ func (g *ASTTransformer) Transform(node *ast.Document, reader text.Reader, pc pa
}
v.Destination = link
case *ast.List:
- if v.HasChildren() && v.FirstChild().HasChildren() && v.FirstChild().FirstChild().HasChildren() {
- if _, ok := v.FirstChild().FirstChild().FirstChild().(*east.TaskCheckBox); ok {
- v.SetAttributeString("class", []byte("task-list"))
- children := make([]ast.Node, 0, v.ChildCount())
- child := v.FirstChild()
- for child != nil {
- children = append(children, child)
- child = child.NextSibling()
+ if v.HasChildren() {
+ children := make([]ast.Node, 0, v.ChildCount())
+ child := v.FirstChild()
+ for child != nil {
+ children = append(children, child)
+ child = child.NextSibling()
+ }
+ v.RemoveChildren(v)
+
+ for _, child := range children {
+ listItem := child.(*ast.ListItem)
+ if !child.HasChildren() || !child.FirstChild().HasChildren() {
+ v.AppendChild(v, child)
+ continue
}
- v.RemoveChildren(v)
-
- for _, child := range children {
- listItem := child.(*ast.ListItem)
- newChild := NewTaskCheckBoxListItem(listItem)
- taskCheckBox := child.FirstChild().FirstChild().(*east.TaskCheckBox)
- newChild.IsChecked = taskCheckBox.IsChecked
- v.AppendChild(v, newChild)
+ taskCheckBox, ok := child.FirstChild().FirstChild().(*east.TaskCheckBox)
+ if !ok {
+ v.AppendChild(v, child)
+ continue
}
+ newChild := NewTaskCheckBoxListItem(listItem)
+ newChild.IsChecked = taskCheckBox.IsChecked
+ newChild.SetAttributeString("class", []byte("task-list-item"))
+ v.AppendChild(v, newChild)
}
}
}
diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index b9946d7d23..7f27a43a7d 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -141,10 +141,10 @@ func testAnswers(baseURLContent, baseURLImages string) []string {
<h2 id="user-content-custom-id">More tests</h2>
<p>(from <a href="https://www.markdownguide.org/extended-syntax/" rel="nofollow">https://www.markdownguide.org/extended-syntax/</a>)</p>
<h3 id="user-content-checkboxes">Checkboxes</h3>
-<ul class="task-list">
-<li><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>unchecked</label></span></li>
-<li><span class="ui checked checkbox"><input type="checkbox" checked="" readonly="readonly"/><label>checked</label></span></li>
-<li><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>still unchecked</label></span></li>
+<ul>
+<li class="task-list-item"><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>unchecked</label></span></li>
+<li class="task-list-item"><span class="ui checked checkbox"><input type="checkbox" checked="" readonly="readonly"/><label>checked</label></span></li>
+<li class="task-list-item"><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>still unchecked</label></span></li>
</ul>
<h3 id="user-content-definition-list">Definition list</h3>
<dl>
diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
index 39e4a93dd3..1041d56a32 100644
--- a/modules/markup/sanitizer.go
+++ b/modules/markup/sanitizer.go
@@ -54,7 +54,7 @@ func ReplaceSanitizer() {
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`ref-issue`)).OnElements("a")
// Allow classes for task lists
- sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`task-list`)).OnElements("ul")
+ sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`task-list-item`)).OnElements("li")
// Allow icons
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^icon(\s+[\p{L}\p{N}_-]+)+$`)).OnElements("i")