author | Kim "BKC" Carlbäcker <kim.carlbacker@gmail.com> | 2016-01-27 21:48:57 +0100 |
---|---|---|
committer | Kim "BKC" Carlbäcker <kim.carlbacker@gmail.com> | 2016-01-27 21:48:57 +0100 |
commit | 1ab8a60d737b278c176d0b6204843a79dab0e878 (patch) | |
tree | 3d7c1e2c721b5fd4df5b5f50b5308f663451f2f0 /modules | |
parent | d94342967263ab306f4726f25a726ff6091d9fbc (diff) | |
download | gitea-1ab8a60d737b278c176d0b6204843a79dab0e878.tar.gz gitea-1ab8a60d737b278c176d0b6204843a79dab0e878.zip |
Not working, but slightly better...
Diffstat (limited to 'modules')
-rw-r--r-- | modules/base/markdown.go | 2 | ||||
-rw-r--r-- | modules/base/tool.go | 22 | ||||
-rw-r--r-- | modules/template/template.go | 2 |
3 files changed, 14 insertions, 12 deletions
diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index 62db945a53..05ee5f4a51 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -340,7 +340,7 @@ OUTER_LOOP:
 func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
  result := RenderRawMarkdown(rawBytes, urlPrefix)
  result = PostProcessMarkdown(result, urlPrefix, metas)
- result = BuildSanitizer().SanitizeBytes(result)
+ result = Sanitizer.SanitizeBytes(result)
  return result
 }
 
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 5280fef203..ad39db892c 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -31,17 +31,19 @@ import (
  "github.com/gogits/gogs/modules/setting"
 )
 
-func BuildSanitizer() (p *bluemonday.Policy) {
- p = bluemonday.UGCPolicy()
- p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
-
- p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
- p.AllowAttrs("checked", "disabled").OnElements("input")
- p.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
- return p
-}
+var Sanitizer = bluemonday.UGCPolicy()
+
+func BuildSanitizer() {
+ // Normal markdown-stuff
+ Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
 
-var Sanitizer = BuildSanitizer()
+ // Checkboxes
+ Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
+ Sanitizer.AllowAttrs("checked", "disabled").OnElements("input")
+
+ // Custom URL-Schemes
+ Sanitizer.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
+}
 
 // EncodeMD5 encodes string to md5 hex value.
 func EncodeMD5(str string) string {
diff --git a/modules/template/template.go b/modules/template/template.go
index d95035c352..6099fcc987 100644
--- a/modules/template/template.go
+++ b/modules/template/template.go
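Review bot: `Sanitizer.SanitizeBytes(result)` in RenderMarkdown now relies on the package-level `Sanitizer` having been configured by `BuildSanitizer()` before the first render, and no call to `BuildSanitizer()` appears in this diff (the diffstat is limited to `modules`, so it may exist elsewhere). Until that call runs, the policy is the bare `bluemonday.UGCPolicy()`, so the checkbox rules and `setting.Markdown.CustomURLSchemes` are not applied; that looks stricter rather than looser, but output then depends on start-up order. The same dependency applies to `Str2html` in modules/template/template.go. I would document it on the function, e.g. `// RenderMarkdown sanitizes with the shared Sanitizer; BuildSanitizer must have run after settings are loaded.`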
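Review bot: The `class` pattern for `code` elements in `BuildSanitizer` is unanchored and ends in `*`, so it can match the empty string inside any value and, as far as I can tell, accepts every class string; compare the anchored `^checkbox$` a few lines below. Anchoring it as `^[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*$` would make the character class an actual allow-list. Separately, `BuildSanitizer()` now mutates the exported `Sanitizer` in place, so a second call or a call made while requests are being rendered modifies a policy that is already in use. Guarding the body with a `sync.Once` and adding a doc comment that it must run once, after settings are loaded and before serving, would pin that down.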
@@ -105,7 +105,7 @@ func Safe(raw string) template.HTML {
 }
 
 func Str2html(raw string) template.HTML {
- return template.HTML(base.BuildSanitizer().Sanitize(raw))
+ return template.HTML(base.Sanitizer.Sanitize(raw))
 }
 
 func Range(l int) []int { |