diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2022-03-06 16:41:54 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-06 16:41:54 +0800 |
commit | b24e8d38af21fc1857b6aa66351627e3b1761608 (patch) | |
tree | 4b021069697a852808f9a1e9ee7e89ab7b2a42a5 /modules | |
parent | 3e28fa72cedc559e0dc3396d0676a5d1dab12624 (diff) | |
download | gitea-b24e8d38af21fc1857b6aa66351627e3b1761608.tar.gz gitea-b24e8d38af21fc1857b6aa66351627e3b1761608.zip |
Support ignore all santize for external renderer (#18984)
* Support ignore all santize for external renderer
* Update docs
* Apply suggestions from code review
Co-authored-by: silverwind <me@silverwind.io>
* Fix doc
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/markup/csv/csv.go | 5 | ||||
-rw-r--r-- | modules/markup/external/external.go | 5 | ||||
-rw-r--r-- | modules/markup/markdown/markdown.go | 5 | ||||
-rw-r--r-- | modules/markup/orgmode/orgmode.go | 5 | ||||
-rw-r--r-- | modules/markup/renderer.go | 38 | ||||
-rw-r--r-- | modules/setting/markup.go | 14 |
6 files changed, 54 insertions, 18 deletions
diff --git a/modules/markup/csv/csv.go b/modules/markup/csv/csv.go index de32c57a64..17c3fe6f4f 100644 --- a/modules/markup/csv/csv.go +++ b/modules/markup/csv/csv.go @@ -46,6 +46,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule { } } +// SanitizerDisabled disabled sanitize if return true +func (Renderer) SanitizerDisabled() bool { + return false +} + func writeField(w io.Writer, element, class, field string) error { if _, err := io.WriteString(w, "<"); err != nil { return err diff --git a/modules/markup/external/external.go b/modules/markup/external/external.go index 3acb601067..4fdd4315bc 100644 --- a/modules/markup/external/external.go +++ b/modules/markup/external/external.go @@ -54,6 +54,11 @@ func (p *Renderer) SanitizerRules() []setting.MarkupSanitizerRule { return p.MarkupSanitizerRules } +// SanitizerDisabled disabled sanitize if return true +func (p *Renderer) SanitizerDisabled() bool { + return p.DisableSanitizer +} + func envMark(envName string) string { if runtime.GOOS == "windows" { return "%" + envName + "%" diff --git a/modules/markup/markdown/markdown.go b/modules/markup/markdown/markdown.go index b45b9c8b8a..320c2f7f82 100644 --- a/modules/markup/markdown/markdown.go +++ b/modules/markup/markdown/markdown.go @@ -221,6 +221,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule { return []setting.MarkupSanitizerRule{} } +// SanitizerDisabled disabled sanitize if return true +func (Renderer) SanitizerDisabled() bool { + return false +} + // Render implements markup.Renderer func (Renderer) Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error { return render(ctx, input, output) diff --git a/modules/markup/orgmode/orgmode.go b/modules/markup/orgmode/orgmode.go index 8aa5f45ee2..2f394b992b 100644 --- a/modules/markup/orgmode/orgmode.go +++ b/modules/markup/orgmode/orgmode.go @@ -47,6 +47,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule { return []setting.MarkupSanitizerRule{} } +// SanitizerDisabled disabled sanitize if return true +func (Renderer) SanitizerDisabled() bool { + return false +} + // Render renders orgmode rawbytes to HTML func Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error { htmlWriter := org.NewHTMLWriter() diff --git a/modules/markup/renderer.go b/modules/markup/renderer.go index 0ac0daaea9..cf8b9bace7 100644 --- a/modules/markup/renderer.go +++ b/modules/markup/renderer.go @@ -81,6 +81,7 @@ type Renderer interface { Extensions() []string NeedPostProcess() bool SanitizerRules() []setting.MarkupSanitizerRule + SanitizerDisabled() bool Render(ctx *RenderContext, input io.Reader, output io.Writer) error } @@ -127,6 +128,12 @@ func RenderString(ctx *RenderContext, content string) (string, error) { return buf.String(), nil } +type nopCloser struct { + io.Writer +} + +func (nopCloser) Close() error { return nil } + func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Writer) error { var wg sync.WaitGroup var err error @@ -136,18 +143,25 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr _ = pw.Close() }() - pr2, pw2 := io.Pipe() - defer func() { - _ = pr2.Close() - _ = pw2.Close() - }() - - wg.Add(1) - go func() { - err = SanitizeReader(pr2, renderer.Name(), output) - _ = pr2.Close() - wg.Done() - }() + var pr2 io.ReadCloser + var pw2 io.WriteCloser + + if !renderer.SanitizerDisabled() { + pr2, pw2 = io.Pipe() + defer func() { + _ = pr2.Close() + _ = pw2.Close() + }() + + wg.Add(1) + go func() { + err = SanitizeReader(pr2, renderer.Name(), output) + _ = pr2.Close() + wg.Done() + }() + } else { + pw2 = nopCloser{output} + } wg.Add(1) go func() { diff --git a/modules/setting/markup.go b/modules/setting/markup.go index 09b86b9b1a..5fb6af6838 100644 --- a/modules/setting/markup.go +++ b/modules/setting/markup.go @@ -29,6 +29,7 @@ type MarkupRenderer struct { IsInputFile bool NeedPostProcess bool MarkupSanitizerRules []MarkupSanitizerRule + DisableSanitizer bool } // MarkupSanitizerRule defines the policy for whitelisting attributes on @@ -144,11 +145,12 @@ func newMarkupRenderer(name string, sec *ini.Section) { } ExternalMarkupRenderers = append(ExternalMarkupRenderers, &MarkupRenderer{ - Enabled: sec.Key("ENABLED").MustBool(false), - MarkupName: name, - FileExtensions: exts, - Command: command, - IsInputFile: sec.Key("IS_INPUT_FILE").MustBool(false), - NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true), + Enabled: sec.Key("ENABLED").MustBool(false), + MarkupName: name, + FileExtensions: exts, + Command: command, + IsInputFile: sec.Key("IS_INPUT_FILE").MustBool(false), + NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true), + DisableSanitizer: sec.Key("DISABLE_SANITIZER").MustBool(false), }) } |