Diffstat (limited to 'modules/markup/sanitizer.go')
-rw-r--r--modules/markup/sanitizer.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
index 95c6eb0dc4..ddb5584e80 100644
--- a/modules/markup/sanitizer.go
+++ b/modules/markup/sanitizer.go
@@ -42,7 +42,7 @@ func ReplaceSanitizer() {
// Checkboxes
sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
- sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input")
+ sanitizer.policy.AllowAttrs("checked", "disabled", "readonly").OnElements("input")
// Custom URL-Schemes
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
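Review bot: The `// Checkboxes` comment above the changed `AllowAttrs("checked", "disabled", "readonly")` line should say why `readonly` is allowed, because browsers ignore `readonly` on `type="checkbox"` inputs and only `disabled` keeps a rendered checkbox from being toggled. If the attribute is allowed only because the renderer emits it (not visible in this hunk), a comment such as `// readonly is kept for renderer output; it has no effect on checkboxes, disabled is what blocks interaction` would stop a later reader from relying on it. ReplaceSanitizer starts and continues outside this hunk.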
@@ -57,7 +57,11 @@ func ReplaceSanitizer() {
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`task-list`)).OnElements("ul")
// Allow icons
- sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^icon(\s+[\p{L}\p{N}_-]+)+$`)).OnElements("i", "span")
+ sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^icon(\s+[\p{L}\p{N}_-]+)+$`)).OnElements("i")
+ sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(ui checkbox)|(ui checked checkbox))$`)).OnElements("span")
+
+ // Allow unlabelled labels
+ sanitizer.policy.AllowNoAttrs().OnElements("label")
// Allow generally safe attributes
generalSafeAttrs := []string{"abbr", "accept", "accept-charset",
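Review bot: The new rule on the `OnElements("span")` line sits under `// Allow icons` but also admits the application's own `ui checkbox` and `ui checked checkbox` classes, and together with `AllowNoAttrs().OnElements("label")` it lets any HTML that passes through this policy carry the same checkbox markup the UI uses. If the policy is also applied to raw HTML typed by users (not visible here), that is a content-spoofing surface worth stating in the comment, e.g. `// Allow icons on i/span, plus the exact checkbox wrapper classes the renderer emits on span`. The alternation is correctly wrapped in one outer group so `^` and `$` anchor every branch; a sanitizer test asserting that `class="ui checkbox extra"` on a span loses its class attribute would pin that. The comment `// Allow unlabelled labels` would read more clearly as `// Allow <label> without any attributes`. ReplaceSanitizer starts and continues outside this hunk.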