author | wxiaoguang <wxiaoguang@gmail.com> | 2024-02-15 05:48:45 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-14 21:48:45 +0000 |
commit | f3eb835886031df7a562abc123c3f6011c81eca8 (patch) | |
tree | 6db218680b00a81f2ea46675d5dde94642a232b9 /modules/templates | |
parent | 94d06be035bac468129903c9f32e785baf3c1c3b (diff) | |
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)
And help PRs like #29059 , to render the error messages correctly.
Diffstat (limited to 'modules/templates')
-rw-r--r-- | modules/templates/helper.go | 46 |
1 files changed, 39 insertions, 7 deletions
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 96cdd9ca46..9ff5d8927f 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -36,7 +36,7 @@ func NewFuncMap() template.FuncMap {
 "dict": dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names.
 "Eval": Eval,
 "Safe": Safe,
- "Escape": html.EscapeString,
+ "Escape": Escape,
 "QueryEscape": url.QueryEscape,
 "JSEscape": template.JSEscapeString,
 "Str2html": Str2html, // TODO: rename it to SanitizeHTML
@@ -159,7 +159,7 @@ func NewFuncMap() template.FuncMap {
 "RenderCodeBlock": RenderCodeBlock,
 "RenderIssueTitle": RenderIssueTitle,
 "RenderEmoji": RenderEmoji,
- "RenderEmojiPlain": emoji.ReplaceAliases,
+ "RenderEmojiPlain": RenderEmojiPlain,
 "ReactionToEmoji": ReactionToEmoji,
 "RenderMarkdownToHtml": RenderMarkdownToHtml,
 
@@ -180,13 +180,45 @@ func NewFuncMap() template.FuncMap {
 }
 
 // Safe render raw as HTML
-func Safe(raw string) template.HTML {
- return template.HTML(raw)
+func Safe(s any) template.HTML {
+ switch v := s.(type) {
+ case string:
+ return template.HTML(v)
+ case template.HTML:
+ return v
+ }
+ panic(fmt.Sprintf("unexpected type %T", s))
+}
+
+// Str2html sanitizes the input by pre-defined markdown rules
+func Str2html(s any) template.HTML {
+ switch v := s.(type) {
+ case string:
+ return template.HTML(markup.Sanitize(v))
+ case template.HTML:
+ return template.HTML(markup.Sanitize(string(v)))
+ }
+ panic(fmt.Sprintf("unexpected type %T", s))
 }
 
-// Str2html render Markdown text to HTML
-func Str2html(raw string) template.HTML {
- return template.HTML(markup.Sanitize(raw))
+func Escape(s any) template.HTML {
+ switch v := s.(type) {
+ case string:
+ return template.HTML(html.EscapeString(v))
+ case template.HTML:
+ return v
+ }
+ panic(fmt.Sprintf("unexpected type %T", s))
+}
+
+func RenderEmojiPlain(s any) any {
+ switch v := s.(type) {
+ case string:
+ return emoji.ReplaceAliases(v)
+ case template.HTML:
+ return template.HTML(emoji.ReplaceAliases(string(v)))
+ }
+ panic(fmt.Sprintf("unexpected type %T", s))
 }
 
 // DotEscape wraps a dots in names with ZWJ [U+200D] in order to prevent autolinkers from detecting these as urls |
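Review bot: `Escape` and `RenderEmojiPlain` are added as exported functions with no doc comment, and for `Escape` that hides a security-relevant contract: its `case template.HTML: return v` branch returns the value unescaped, so the output is only safe when every upstream producer of `template.HTML` is trusted, while `Safe` in the same hunk still converts any plain string to `template.HTML` with no sanitisation. I would state this on the function, e.g. `// Escape HTML-escapes a plain string; a template.HTML value is returned as-is because it is treated as already-safe markup.`, and extend the `Safe` comment to say it is a trust assertion that should only be applied to markup the server produced itself. The `panic` fallback in all four helpers also fires on a nil value (`%T` prints `<nil>`), which is worth a line in the comments because a caller outside template execution would presumably see a crash rather than a render error. In `RenderEmojiPlain` the `template.HTML` branch runs `emoji.ReplaceAliases` over markup rather than text; whether an alias inside a tag or attribute gets rewritten depends on that function, which is not visible in this diff, so a short comment on the intended input would help.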