Diffstat (limited to 'modules/base/template.go')
-rw-r--r-- | modules/base/template.go | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/modules/base/template.go b/modules/base/template.go
index 829999d1c9..f3fa138578 100644
--- a/modules/base/template.go
+++ b/modules/base/template.go
@@ -13,7 +13,6 @@ import (
 "strings"
 "time"
 
- "github.com/microcosm-cc/bluemonday"
 "golang.org/x/net/html/charset"
 "golang.org/x/text/transform"
 
@@ -21,11 +20,8 @@ import (
 "github.com/gogits/gogs/modules/setting"
 )
 
-// FIXME: use me to Markdown API renders
-var p = bluemonday.UGCPolicy()
-
 func Str2html(raw string) template.HTML {
- return template.HTML(p.Sanitize(raw))
+ return template.HTML(Sanitizer.Sanitize(raw))
 }
 
 func Range(l int) []int {
@@ -90,6 +86,11 @@ func ToUtf8(content string) string {
 return res
 }
 
+// RenderCommitMessage renders commit message with XSS-safe and special links.
+func RenderCommitMessage(msg, urlPrefix string) template.HTML {
+ return template.HTML(string(RenderIssueIndexPattern([]byte(template.HTMLEscapeString(msg)), urlPrefix)))
+}
+
 var mailDomains = map[string]string{
 "gmail.com": "gmail.com",
 }
@@ -163,6 +164,7 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{
 "EscapePound": func(str string) string {
 return strings.Replace(str, "#", "%23", -1)
 },
+ "RenderCommitMessage": RenderCommitMessage,
 }
 
 type Actioner interface {
|
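Review bot: `Str2html` now depends on a package-level `Sanitizer` that this diff neither defines nor initialises, and it still casts the result to `template.HTML` with no doc comment saying what makes that cast safe. If `Sanitizer` is a pointer or interface assigned at start-up (not visible here), a call before that assignment would panic instead of falling back to escaping. A comment such as `// Str2html sanitizes raw with the package-wide Sanitizer policy and marks the result as trusted HTML.` would record the contract for template authors.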
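Review bot: In `RenderCommitMessage` only `msg` is escaped; `urlPrefix` is handed to `RenderIssueIndexPattern` untouched and the combined output is cast to `template.HTML`, which switches off html/template's auto-escaping for everything that helper emits. `RenderIssueIndexPattern` is not part of this diff, so whether it escapes the prefix before building the link cannot be confirmed here; the doc comment should state the contract, for example `// RenderCommitMessage HTML-escapes msg and then links issue references; urlPrefix must be a trusted, already-escaped URL path.` Escaping before pattern matching also means the numeric entities that `template.HTMLEscapeString` produces for quotes (`&#34;`, `&#39;`) contain `#NN` sequences, so a test with a quoted commit message would confirm the issue pattern does not turn them into links.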