authorKim "BKC" Carlbäcker <kim.carlbacker@gmail.com>2016-01-27 21:48:57 +0100
committerKim "BKC" Carlbäcker <kim.carlbacker@gmail.com>2016-01-27 21:48:57 +0100
commit1ab8a60d737b278c176d0b6204843a79dab0e878 (patch)
tree3d7c1e2c721b5fd4df5b5f50b5308f663451f2f0 /modules
parentd94342967263ab306f4726f25a726ff6091d9fbc (diff)
Not working, but slightly better...
Diffstat (limited to 'modules')
-rw-r--r--modules/base/markdown.go2
-rw-r--r--modules/base/tool.go22
-rw-r--r--modules/template/template.go2
3 files changed, 14 insertions, 12 deletions
diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index 62db945a53..05ee5f4a51 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -340,7 +340,7 @@ OUTER_LOOP:
func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
result := RenderRawMarkdown(rawBytes, urlPrefix)
result = PostProcessMarkdown(result, urlPrefix, metas)
- result = BuildSanitizer().SanitizeBytes(result)
+ result = Sanitizer.SanitizeBytes(result)
return result
}
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 5280fef203..ad39db892c 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -31,17 +31,19 @@ import (
"github.com/gogits/gogs/modules/setting"
)
-func BuildSanitizer() (p *bluemonday.Policy) {
- p = bluemonday.UGCPolicy()
- p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
-
- p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
- p.AllowAttrs("checked", "disabled").OnElements("input")
- p.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
- return p
-}
+var Sanitizer = bluemonday.UGCPolicy()
+
+func BuildSanitizer() {
+ // Normal markdown-stuff
+ Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
-var Sanitizer = BuildSanitizer()
+ // Checkboxes
+ Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
+ Sanitizer.AllowAttrs("checked", "disabled").OnElements("input")
+
+ // Custom URL-Schemes
+ Sanitizer.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
+}
// EncodeMD5 encodes string to md5 hex value.
func EncodeMD5(str string) string {
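Review bot: `BuildSanitizer` now mutates the package-level `Sanitizer` in place, so it is only safe if it runs once, after `setting.Markdown.CustomURLSchemes` has been loaded and before any request reaches `Sanitizer.SanitizeBytes` in markdown.go or `Sanitizer.Sanitize` in template.go; nothing in this hunk enforces or documents that ordering, and the call site is not visible in this diff. Until it runs the policy is plain `bluemonday.UGCPolicy()`, which is stricter and so fails closed, but a call made while requests are being rendered would modify the policy under concurrent readers, and a repeated call re-adds the same rules. I would guard the body with a `sync.Once` (which needs `sync` in the import block), or at minimum add a doc comment such as `// BuildSanitizer configures the shared Sanitizer; call it once at startup, after settings are loaded and before serving.` Separately, the `class` pattern for `code` is unanchored and ends in `*`, so it can match the empty string inside any value, unlike `^checkbox$` a few lines below; if bluemonday applies `Matching` as an unanchored match, the character class needs to be wrapped as `^[...]*$` before this allowlist restricts anything.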
diff --git a/modules/template/template.go b/modules/template/template.go
index d95035c352..6099fcc987 100644
--- a/modules/template/template.go
+++ b/modules/template/template.go
@@ -105,7 +105,7 @@ func Safe(raw string) template.HTML {
}
func Str2html(raw string) template.HTML {
- return template.HTML(base.BuildSanitizer().Sanitize(raw))
+ return template.HTML(base.Sanitizer.Sanitize(raw))
}
func Range(l int) []int {