diff options
| -rw-r--r-- | modules/base/markdown.go | 2 | ||||
| -rw-r--r-- | modules/base/tool.go | 22 | ||||
| -rw-r--r-- | modules/template/template.go | 2 | ||||
| -rw-r--r-- | routers/install.go | 3 |
4 files changed, 17 insertions, 12 deletions
diff --git a/modules/base/markdown.go b/modules/base/markdown.go index 62db945a53..05ee5f4a51 100644 --- a/modules/base/markdown.go +++ b/modules/base/markdown.go @@ -340,7 +340,7 @@ OUTER_LOOP: func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte { result := RenderRawMarkdown(rawBytes, urlPrefix) result = PostProcessMarkdown(result, urlPrefix, metas) - result = BuildSanitizer().SanitizeBytes(result) + result = Sanitizer.SanitizeBytes(result) return result } diff --git a/modules/base/tool.go b/modules/base/tool.go index 5280fef203..ad39db892c 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -31,17 +31,19 @@ import ( "github.com/gogits/gogs/modules/setting" ) -func BuildSanitizer() (p *bluemonday.Policy) { - p = bluemonday.UGCPolicy() - p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") - - p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") - p.AllowAttrs("checked", "disabled").OnElements("input") - p.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) - return p -} +var Sanitizer = bluemonday.UGCPolicy() + +func BuildSanitizer() { + // Normal markdown-stuff + Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") -var Sanitizer = BuildSanitizer() + // Checkboxes + Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") + Sanitizer.AllowAttrs("checked", "disabled").OnElements("input") + + // Custom URL-Schemes + Sanitizer.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) +} // EncodeMD5 encodes string to md5 hex value. func EncodeMD5(str string) string { diff --git a/modules/template/template.go b/modules/template/template.go index d95035c352..6099fcc987 100644 --- a/modules/template/template.go +++ b/modules/template/template.go @@ -105,7 +105,7 @@ func Safe(raw string) template.HTML { } func Str2html(raw string) template.HTML { - return template.HTML(base.BuildSanitizer().Sanitize(raw)) + return template.HTML(base.Sanitizer.Sanitize(raw)) } func Range(l int) []int { diff --git a/routers/install.go b/routers/install.go index 120aa46851..b311355bf8 100644 --- a/routers/install.go +++ b/routers/install.go @@ -91,6 +91,9 @@ func GlobalInit() { ssh.Listen(setting.SSHPort) log.Info("SSH server started on :%v", setting.SSHPort) } + + // Build Sanitizer + base.BuildSanitizer() } func InstallInit(ctx *middleware.Context) { |