Diffstat (limited to 'modules/markup/sanitizer_description.go')
-rw-r--r-- | modules/markup/sanitizer_description.go | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/modules/markup/sanitizer_description.go b/modules/markup/sanitizer_description.go
new file mode 100644
index 0000000000..f8b51f2d9a
--- /dev/null
+++ b/modules/markup/sanitizer_description.go
@@ -0,0 +1,37 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package markup
+
+import (
+	"regexp"
+
+	"github.com/microcosm-cc/bluemonday"
+)
+
+// createRepoDescriptionPolicy returns a minimal more strict policy that is used for
+// repository descriptions.
+func (st *Sanitizer) createRepoDescriptionPolicy() *bluemonday.Policy {
+	policy := bluemonday.NewPolicy()
+	policy.AllowStandardURLs()
+
+	// Allow italics and bold.
+	policy.AllowElements("i", "b", "em", "strong")
+
+	// Allow code.
+	policy.AllowElements("code")
+
+	// Allow links
+	policy.AllowAttrs("href", "target", "rel").OnElements("a")
+
+	// Allow classes for emojis
+	policy.AllowAttrs("class").Matching(regexp.MustCompile(`^emoji$`)).OnElements("img", "span")
+	policy.AllowAttrs("aria-label").OnElements("span")
+
+	return policy
+}
+
+// SanitizeDescription sanitizes the HTML generated for a repository description.
+func SanitizeDescription(s string) string {
+	return GetDefaultSanitizer().descriptionPolicy.Sanitize(s)
+}
|
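Review bot: The link rule in createRepoDescriptionPolicy, `policy.AllowAttrs("href", "target", "rel").OnElements("a")`, passes `target` and `rel` through with no value constraint, unlike the emoji `class` rule two lines below, which is pinned with `Matching`. AllowStandardURLs limits the `href` schemes, but as far as this hunk shows nothing ties a surviving `target="_blank"` to `rel="noopener noreferrer"`, so the policy relies on the upstream renderer always emitting safe values. For a policy described as stricter than the default, consider pinning the value with `policy.AllowAttrs("target").Matching(regexp.MustCompile("^_blank$")).OnElements("a")` and adding `policy.RequireNoReferrerOnLinks(true)`; how bluemonday treats a caller-supplied `target` should be confirmed against the vendored version. SanitizeDescription also dereferences `descriptionPolicy`, whose initialisation is outside this file, so its doc comment should say where that field is set and that the input is expected to be renderer output rather than raw user HTML.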