authorUnknwon <joe2010xtmf@163.com>2015-01-30 18:12:30 -0500
committerUnknwon <joe2010xtmf@163.com>2015-01-30 18:12:30 -0500
commitee6786216a608fca2de322c90c7256577f2a500a (patch)
treeed91cff422302deb3b2f7da6744c8590ac90207b /modules
parent37fcc8daf2d7d86e4d0f8baaeab0b2e11e5ec8d0 (diff)
downloadgitea-ee6786216a608fca2de322c90c7256577f2a500a.tar.gz
gitea-ee6786216a608fca2de322c90c7256577f2a500a.zip
modules/base: clean code with #838
Diffstat (limited to 'modules')
-rw-r--r--modules/base/markdown.go2
-rw-r--r--modules/base/template.go6
-rw-r--r--modules/base/tool.go30
3 files changed, 5 insertions, 33 deletions
diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index 2cd3617a8f..c7369ab9fd 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -212,7 +212,7 @@ func RenderRawMarkdown(body []byte, urlPrefix string) []byte {
func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
body := RenderSpecialLink(rawBytes, urlPrefix)
body = RenderRawMarkdown(body, urlPrefix)
- body = XSS(body)
+ body = Sanitizer.SanitizeBytes(body)
return body
}
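Review bot: RenderMarkdown has no doc comment saying that its output is sanitized, and the exported RenderRawMarkdown named in the hunk header has a body that is not visible here, so a caller cannot tell from the API which of the two is safe to emit for user content. I would add `// RenderMarkdown renders rawBytes to HTML and passes the result through Sanitizer as the last step; it is the entry point for untrusted input.` above the function. If RenderRawMarkdown does not sanitize on its own (to be confirmed outside this hunk), its comment should say so. The sanitizer call should stay the final transformation, since anything that rewrites the HTML after it would not be filtered.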
diff --git a/modules/base/template.go b/modules/base/template.go
index 34caa4552b..f3fa138578 100644
--- a/modules/base/template.go
+++ b/modules/base/template.go
@@ -13,7 +13,6 @@ import (
"strings"
"time"
- "github.com/microcosm-cc/bluemonday"
"golang.org/x/net/html/charset"
"golang.org/x/text/transform"
@@ -21,11 +20,8 @@ import (
"github.com/gogits/gogs/modules/setting"
)
-// FIXME: use me to Markdown API renders
-var p = bluemonday.UGCPolicy()
-
func Str2html(raw string) template.HTML {
- return template.HTML(p.Sanitize(raw))
+ return template.HTML(Sanitizer.Sanitize(raw))
}
func Range(l int) []int {
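Review bot: Str2html converts the sanitizer output to `template.HTML`, which switches off html/template's contextual escaping for that value, and nothing on the function documents this. A UGC policy produces markup intended for element content; inside an attribute value, a `<script>` block or a URL it gives no guarantee. Suggested comment: `// Str2html sanitizes raw with Sanitizer and marks the result as trusted HTML; use it only for element content, never inside attributes, scripts or URLs.` The hunk ends at the opening line of Range, which is unchanged.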
diff --git a/modules/base/tool.go b/modules/base/tool.go
index ff5a4f4cd9..5043364cec 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -15,17 +15,19 @@ import (
"hash"
"html/template"
"math"
- "regexp"
"strings"
"time"
"github.com/Unknwon/com"
"github.com/Unknwon/i18n"
+ "github.com/microcosm-cc/bluemonday"
"github.com/gogits/gogs/modules/avatar"
"github.com/gogits/gogs/modules/setting"
)
+var Sanitizer = bluemonday.UGCPolicy()
+
// Encode string to md5 hex value.
func EncodeMd5(str string) string {
m := md5.New()
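Review bot: `Sanitizer` is added as an exported, mutable package variable without a doc comment, so any importing package can reassign it or call the policy's Allow* builders on it, which would loosen sanitization for RenderMarkdown and Str2html at once. Both callers visible in this diff are in package base, so unexporting would work for them: `var sanitizer = bluemonday.UGCPolicy()`, with small exported wrapper functions if other packages need it (not visible here). At minimum add `// Sanitizer is the shared UGC policy for user-generated HTML; it must not be modified after package initialization.` The hunk ends inside EncodeMd5, which is unchanged.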
@@ -473,29 +475,3 @@ func DateFormat(t time.Time, format string) string {
format = replacer.Replace(format)
return t.Format(format)
}
-
-type xssFilter struct {
- reg *regexp.Regexp
- repl []byte
-}
-
-var (
- whiteSpace = []byte(" ")
- xssFilters = []xssFilter{
- {regexp.MustCompile(`\ [ONon]\w*=["]*`), whiteSpace},
- {regexp.MustCompile(`<[SCRIPTscript]{6}`), whiteSpace},
- {regexp.MustCompile(`=[` + "`" + `'"]*[JAVASCRIPTjavascript \t\0&#x0D;]*:`), whiteSpace},
- }
-)
-
-// XSS goes through all the XSS filters to make user input content as safe as possible.
-func XSS(in []byte) []byte {
- for _, filter := range xssFilters {
- in = filter.reg.ReplaceAll(in, filter.repl)
- }
- return in
-}
-
-func XSSString(in string) string {
- return string(XSS([]byte(in)))
-}