summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2022-03-06 16:41:54 +0800
committerGitHub <noreply@github.com>2022-03-06 16:41:54 +0800
commitb24e8d38af21fc1857b6aa66351627e3b1761608 (patch)
tree4b021069697a852808f9a1e9ee7e89ab7b2a42a5 /modules
parent3e28fa72cedc559e0dc3396d0676a5d1dab12624 (diff)
downloadgitea-b24e8d38af21fc1857b6aa66351627e3b1761608.tar.gz
gitea-b24e8d38af21fc1857b6aa66351627e3b1761608.zip
Support ignore all santize for external renderer (#18984)
* Support ignore all santize for external renderer * Update docs * Apply suggestions from code review Co-authored-by: silverwind <me@silverwind.io> * Fix doc Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'modules')
-rw-r--r--modules/markup/csv/csv.go5
-rw-r--r--modules/markup/external/external.go5
-rw-r--r--modules/markup/markdown/markdown.go5
-rw-r--r--modules/markup/orgmode/orgmode.go5
-rw-r--r--modules/markup/renderer.go38
-rw-r--r--modules/setting/markup.go14
6 files changed, 54 insertions, 18 deletions
diff --git a/modules/markup/csv/csv.go b/modules/markup/csv/csv.go
index de32c57a64..17c3fe6f4f 100644
--- a/modules/markup/csv/csv.go
+++ b/modules/markup/csv/csv.go
@@ -46,6 +46,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
}
}
+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+ return false
+}
+
func writeField(w io.Writer, element, class, field string) error {
if _, err := io.WriteString(w, "<"); err != nil {
return err
diff --git a/modules/markup/external/external.go b/modules/markup/external/external.go
index 3acb601067..4fdd4315bc 100644
--- a/modules/markup/external/external.go
+++ b/modules/markup/external/external.go
@@ -54,6 +54,11 @@ func (p *Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
return p.MarkupSanitizerRules
}
+// SanitizerDisabled disabled sanitize if return true
+func (p *Renderer) SanitizerDisabled() bool {
+ return p.DisableSanitizer
+}
+
func envMark(envName string) string {
if runtime.GOOS == "windows" {
return "%" + envName + "%"
diff --git a/modules/markup/markdown/markdown.go b/modules/markup/markdown/markdown.go
index b45b9c8b8a..320c2f7f82 100644
--- a/modules/markup/markdown/markdown.go
+++ b/modules/markup/markdown/markdown.go
@@ -221,6 +221,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
return []setting.MarkupSanitizerRule{}
}
+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+ return false
+}
+
// Render implements markup.Renderer
func (Renderer) Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error {
return render(ctx, input, output)
diff --git a/modules/markup/orgmode/orgmode.go b/modules/markup/orgmode/orgmode.go
index 8aa5f45ee2..2f394b992b 100644
--- a/modules/markup/orgmode/orgmode.go
+++ b/modules/markup/orgmode/orgmode.go
@@ -47,6 +47,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
return []setting.MarkupSanitizerRule{}
}
+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+ return false
+}
+
// Render renders orgmode rawbytes to HTML
func Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error {
htmlWriter := org.NewHTMLWriter()
diff --git a/modules/markup/renderer.go b/modules/markup/renderer.go
index 0ac0daaea9..cf8b9bace7 100644
--- a/modules/markup/renderer.go
+++ b/modules/markup/renderer.go
@@ -81,6 +81,7 @@ type Renderer interface {
Extensions() []string
NeedPostProcess() bool
SanitizerRules() []setting.MarkupSanitizerRule
+ SanitizerDisabled() bool
Render(ctx *RenderContext, input io.Reader, output io.Writer) error
}
@@ -127,6 +128,12 @@ func RenderString(ctx *RenderContext, content string) (string, error) {
return buf.String(), nil
}
+type nopCloser struct {
+ io.Writer
+}
+
+func (nopCloser) Close() error { return nil }
+
func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Writer) error {
var wg sync.WaitGroup
var err error
@@ -136,18 +143,25 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr
_ = pw.Close()
}()
- pr2, pw2 := io.Pipe()
- defer func() {
- _ = pr2.Close()
- _ = pw2.Close()
- }()
-
- wg.Add(1)
- go func() {
- err = SanitizeReader(pr2, renderer.Name(), output)
- _ = pr2.Close()
- wg.Done()
- }()
+ var pr2 io.ReadCloser
+ var pw2 io.WriteCloser
+
+ if !renderer.SanitizerDisabled() {
+ pr2, pw2 = io.Pipe()
+ defer func() {
+ _ = pr2.Close()
+ _ = pw2.Close()
+ }()
+
+ wg.Add(1)
+ go func() {
+ err = SanitizeReader(pr2, renderer.Name(), output)
+ _ = pr2.Close()
+ wg.Done()
+ }()
+ } else {
+ pw2 = nopCloser{output}
+ }
wg.Add(1)
go func() {
diff --git a/modules/setting/markup.go b/modules/setting/markup.go
index 09b86b9b1a..5fb6af6838 100644
--- a/modules/setting/markup.go
+++ b/modules/setting/markup.go
@@ -29,6 +29,7 @@ type MarkupRenderer struct {
IsInputFile bool
NeedPostProcess bool
MarkupSanitizerRules []MarkupSanitizerRule
+ DisableSanitizer bool
}
// MarkupSanitizerRule defines the policy for whitelisting attributes on
@@ -144,11 +145,12 @@ func newMarkupRenderer(name string, sec *ini.Section) {
}
ExternalMarkupRenderers = append(ExternalMarkupRenderers, &MarkupRenderer{
- Enabled: sec.Key("ENABLED").MustBool(false),
- MarkupName: name,
- FileExtensions: exts,
- Command: command,
- IsInputFile: sec.Key("IS_INPUT_FILE").MustBool(false),
- NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true),
+ Enabled: sec.Key("ENABLED").MustBool(false),
+ MarkupName: name,
+ FileExtensions: exts,
+ Command: command,
+ IsInputFile: sec.Key("IS_INPUT_FILE").MustBool(false),
+ NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true),
+ DisableSanitizer: sec.Key("DISABLE_SANITIZER").MustBool(false),
})
}