diff options
author | zeripath <art27@cantab.net> | 2021-06-16 02:02:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-16 03:02:03 +0200 |
commit | f4d3bf7867ac48d348f2c17637ca1229466c83bd (patch) | |
tree | 44697508b6eb4b7743be4695c624ff4e4548d05c /modules | |
parent | 3bf7a83d7f19ada1117e514d369b83a20dc4280b (diff) | |
download | gitea-f4d3bf7867ac48d348f2c17637ca1229466c83bd.tar.gz gitea-f4d3bf7867ac48d348f2c17637ca1229466c83bd.zip |
issue-keyword class is being incorrectly stripped off spans (#16163)
Bluemonday sanitizer regexp rules are not additive, so the addition of the icons,
emojis and chroma syntax policy has led to this being stripped.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/markup/sanitizer.go | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go index 8d2bf5d688..5611bd06ad 100644 --- a/modules/markup/sanitizer.go +++ b/modules/markup/sanitizer.go @@ -50,9 +50,6 @@ func ReplaceSanitizer() { sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) } - // Allow keyword markup - sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^` + keywordClass + `$`)).OnElements("span") - // Allow classes for anchors sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`ref-issue`)).OnElements("a") @@ -68,8 +65,8 @@ func ReplaceSanitizer() { // Allow classes for emojis sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`emoji`)).OnElements("img") - // Allow icons, emojis, and chroma syntax on span - sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji))$|^([a-z][a-z0-9]{0,2})$`)).OnElements("span") + // Allow icons, emojis, chroma syntax and keyword markup on span + sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span") // Allow data tables sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`data-table`)).OnElements("table") |