authorzeripath <art27@cantab.net>2022-01-07 01:18:52 +0000
committerGitHub <noreply@github.com>2022-01-07 02:18:52 +0100
commit21ed4fd8da4c8992518dcfb01aa7306f7406f735 (patch)
treeeb0bdaed8d06849116818f058b6120633d329d69 /routers
parentee60f27aec0f75a34ae62841ed52579c0c20dcfa (diff)
Add warning for BIDI characters in page renders and in diffs (#17562)
Fix #17514 Given the comments I've adjusted this somewhat. The numbers of characters detected are increased and include things like the use of U+300 to make à instead of à and non-breaking spaces. There is a button which can be used to escape the content to show it. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Gwyneth Morgan <gwymor@tilde.club> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'routers')
-rw-r--r--routers/web/repo/blame.go6
-rw-r--r--routers/web/repo/lfs.go5
-rw-r--r--routers/web/repo/view.go37
-rw-r--r--routers/web/repo/wiki.go8
4 files changed, 40 insertions, 16 deletions
diff --git a/routers/web/repo/blame.go b/routers/web/repo/blame.go
index 75246c3acb..bff6a039e8 100644
--- a/routers/web/repo/blame.go
+++ b/routers/web/repo/blame.go
@@ -14,6 +14,7 @@ import (
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
+ "code.gitea.io/gitea/modules/charset"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/highlight"
@@ -39,6 +40,7 @@ type blameRow struct {
CommitMessage string
CommitSince gotemplate.HTML
Code gotemplate.HTML
+ EscapeStatus charset.EscapeStatus
}
// RefBlame render blame page
@@ -233,6 +235,7 @@ func renderBlame(ctx *context.Context, blameParts []git.BlamePart, commitNames m
}
var lines = make([]string, 0)
rows := make([]*blameRow, 0)
+ escapeStatus := charset.EscapeStatus{}
var i = 0
var commitCnt = 0
@@ -277,11 +280,14 @@ func renderBlame(ctx *context.Context, blameParts []git.BlamePart, commitNames m
fileName := fmt.Sprintf("%v", ctx.Data["FileName"])
line = highlight.Code(fileName, language, line)
+ br.EscapeStatus, line = charset.EscapeControlString(line)
br.Code = gotemplate.HTML(line)
rows = append(rows, br)
+ escapeStatus = escapeStatus.Or(br.EscapeStatus)
}
}
+ ctx.Data["EscapeStatus"] = escapeStatus
ctx.Data["BlameRows"] = rows
ctx.Data["CommitCnt"] = commitCnt
}
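Review bot: At `br.EscapeStatus, line = charset.EscapeControlString(line)` the escaper receives the output of `highlight.Code`, which is HTML markup, not the source text, and the result is then trusted as `gotemplate.HTML`. The diff does not show whether `EscapeControlString` leaves tag and attribute bytes alone, so the call site should record the contract it relies on, for example `// line is already-highlighted HTML; EscapeControlString must only rewrite text content`. A test that feeds a highlighted line containing a bidirectional control character through this path would pin the ordering. `renderBlame` begins outside this hunk.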
diff --git a/routers/web/repo/lfs.go b/routers/web/repo/lfs.go
index 6cc05430dd..8943641381 100644
--- a/routers/web/repo/lfs.go
+++ b/routers/web/repo/lfs.go
@@ -300,10 +300,11 @@ func LFSFileGet(ctx *context.Context) {
rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
// Building code view blocks with line number on server side.
- fileContent, _ := io.ReadAll(rd)
+ escapedContent := &bytes.Buffer{}
+ ctx.Data["EscapeStatus"], _ = charset.EscapeControlReader(rd, escapedContent)
var output bytes.Buffer
- lines := strings.Split(string(fileContent), "\n")
+ lines := strings.Split(escapedContent.String(), "\n")
//Remove blank line at the end of file
if len(lines) > 0 && lines[len(lines)-1] == "" {
lines = lines[:len(lines)-1]
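Review bot: The error from `charset.EscapeControlReader(rd, escapedContent)` is dropped with `_`, so a read that fails part-way leaves `ctx.Data["EscapeStatus"]` describing only the bytes seen before the failure. The page can then render without the warning this commit is meant to raise. The `renderDirectory` hunk in view.go already reports the same call with `log.Error("Read failed: %v", err)`; doing likewise here (if `log` is available in this file) keeps a truncated scan visible to operators. The same applies to the other discarded results in view.go: the `renderDirectory` fallback, the `renderFile` readme branch and the `io.Discard` scan. `LFSFileGet` continues outside this hunk.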
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 384681caf6..e8c02b64b8 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -339,21 +339,24 @@ func renderDirectory(ctx *context.Context, treeLink string) {
}, rd, &result)
if err != nil {
log.Error("Render failed: %v then fallback", err)
- bs, _ := io.ReadAll(rd)
+ buf := &bytes.Buffer{}
+ ctx.Data["EscapeStatus"], _ = charset.EscapeControlReader(rd, buf)
ctx.Data["FileContent"] = strings.ReplaceAll(
- gotemplate.HTMLEscapeString(string(bs)), "\n", `<br>`,
+ gotemplate.HTMLEscapeString(buf.String()), "\n", `<br>`,
)
} else {
- ctx.Data["FileContent"] = result.String()
+ ctx.Data["EscapeStatus"], ctx.Data["FileContent"] = charset.EscapeControlString(result.String())
}
} else {
ctx.Data["IsRenderedHTML"] = true
- buf, err = io.ReadAll(rd)
+ buf := &bytes.Buffer{}
+ ctx.Data["EscapeStatus"], err = charset.EscapeControlReader(rd, buf)
if err != nil {
- log.Error("ReadAll failed: %v", err)
+ log.Error("Read failed: %v", err)
}
+
ctx.Data["FileContent"] = strings.ReplaceAll(
- gotemplate.HTMLEscapeString(string(buf)), "\n", `<br>`,
+ gotemplate.HTMLEscapeString(buf.String()), "\n", `<br>`,
)
}
}
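Review bot: The branches of `renderDirectory` apply the escaper on opposite sides of HTML encoding. The fallback paths call `charset.EscapeControlReader(rd, buf)` and then `gotemplate.HTMLEscapeString(buf.String())`, while the success path calls `charset.EscapeControlString(result.String())` on already-rendered HTML. If the escaper emits any markup for a flagged character (its output format is not visible in this diff), the fallback paths would HTML-encode that markup and show it literally instead of highlighting the character. The readme branch of `renderFile` in the next hunk uses the same order. A comment at each call such as `// input: plain text, output is HTML-escaped below` or `// input: rendered HTML` would make the intended contract checkable.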
@@ -502,12 +505,15 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st
ctx.ServerError("Render", err)
return
}
- ctx.Data["FileContent"] = result.String()
+ ctx.Data["EscapeStatus"], ctx.Data["FileContent"] = charset.EscapeControlString(result.String())
} else if readmeExist {
- buf, _ := io.ReadAll(rd)
+ buf := &bytes.Buffer{}
ctx.Data["IsRenderedHTML"] = true
+
+ ctx.Data["EscapeStatus"], _ = charset.EscapeControlReader(rd, buf)
+
ctx.Data["FileContent"] = strings.ReplaceAll(
- gotemplate.HTMLEscapeString(string(buf)), "\n", `<br>`,
+ gotemplate.HTMLEscapeString(buf.String()), "\n", `<br>`,
)
} else {
buf, _ := io.ReadAll(rd)
@@ -540,7 +546,15 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st
language = ""
}
}
- ctx.Data["FileContent"] = highlight.File(lineNums, blob.Name(), language, buf)
+ fileContent := highlight.File(lineNums, blob.Name(), language, buf)
+ status, _ := charset.EscapeControlReader(bytes.NewReader(buf), io.Discard)
+ ctx.Data["EscapeStatus"] = status
+ statuses := make([]charset.EscapeStatus, len(fileContent))
+ for i, line := range fileContent {
+ statuses[i], fileContent[i] = charset.EscapeControlString(line)
+ }
+ ctx.Data["FileContent"] = fileContent
+ ctx.Data["LineEscapeStatus"] = statuses
}
if !isLFSFile {
if ctx.Repo.CanEnableEditor() {
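Review bot: `ctx.Data["EscapeStatus"]` is computed by a separate pass over the raw `buf` into `io.Discard`, while `LineEscapeStatus` comes from running `charset.EscapeControlString` over the highlighted lines, so the file-level banner and the per-line markers are derived from different inputs and may disagree. blame.go in this same commit folds per-line results with `escapeStatus.Or(br.EscapeStatus)`. Doing the same here, with `status = status.Or(statuses[i])` inside the loop and `status` starting as `charset.EscapeStatus{}`, removes the second scan and its discarded error. `renderFile` starts and ends outside this hunk.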
@@ -588,7 +602,8 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st
ctx.ServerError("Render", err)
return
}
- ctx.Data["FileContent"] = result.String()
+
+ ctx.Data["EscapeStatus"], ctx.Data["FileContent"] = charset.EscapeControlString(result.String())
}
}
diff --git a/routers/web/repo/wiki.go b/routers/web/repo/wiki.go
index d449800b84..d8666c7a29 100644
--- a/routers/web/repo/wiki.go
+++ b/routers/web/repo/wiki.go
@@ -17,6 +17,7 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/base"
+ "code.gitea.io/gitea/modules/charset"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
@@ -232,7 +233,8 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
ctx.ServerError("Render", err)
return nil, nil
}
- ctx.Data["content"] = buf.String()
+
+ ctx.Data["EscapeStatus"], ctx.Data["content"] = charset.EscapeControlString(buf.String())
buf.Reset()
if err := markdown.Render(rctx, bytes.NewReader(sidebarContent), &buf); err != nil {
@@ -243,7 +245,7 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
return nil, nil
}
ctx.Data["sidebarPresent"] = sidebarContent != nil
- ctx.Data["sidebarContent"] = buf.String()
+ ctx.Data["sidebarEscapeStatus"], ctx.Data["sidebarContent"] = charset.EscapeControlString(buf.String())
buf.Reset()
if err := markdown.Render(rctx, bytes.NewReader(footerContent), &buf); err != nil {
@@ -254,7 +256,7 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
return nil, nil
}
ctx.Data["footerPresent"] = footerContent != nil
- ctx.Data["footerContent"] = buf.String()
+ ctx.Data["footerEscapeStatus"], ctx.Data["footerContent"] = charset.EscapeControlString(buf.String())
// get commit count - wiki revisions
commitsCount, _ := wikiRepo.FileCommitsCount("master", pageFilename)