summaryrefslogtreecommitdiffstats
path: root/modules/setting/markup.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/setting/markup.go')
-rw-r--r--modules/setting/markup.go37
1 files changed, 29 insertions, 8 deletions
diff --git a/modules/setting/markup.go b/modules/setting/markup.go
index 5fb6af6838..fd41bdd7cc 100644
--- a/modules/setting/markup.go
+++ b/modules/setting/markup.go
@@ -20,6 +20,12 @@ var (
MermaidMaxSourceCharacters int
)
+const (
+ RenderContentModeSanitized = "sanitized"
+ RenderContentModeNoSanitizer = "no-sanitizer"
+ RenderContentModeIframe = "iframe"
+)
+
// MarkupRenderer defines the external parser configured in ini
type MarkupRenderer struct {
Enabled bool
@@ -29,7 +35,7 @@ type MarkupRenderer struct {
IsInputFile bool
NeedPostProcess bool
MarkupSanitizerRules []MarkupSanitizerRule
- DisableSanitizer bool
+ RenderContentMode string
}
// MarkupSanitizerRule defines the policy for whitelisting attributes on
@@ -144,13 +150,28 @@ func newMarkupRenderer(name string, sec *ini.Section) {
return
}
+ if sec.HasKey("DISABLE_SANITIZER") {
+ log.Error("Deprecated setting `[markup.*]` `DISABLE_SANITIZER` present. This fallback will be removed in v1.18.0")
+ }
+
+ renderContentMode := sec.Key("RENDER_CONTENT_MODE").MustString(RenderContentModeSanitized)
+ if !sec.HasKey("RENDER_CONTENT_MODE") && sec.Key("DISABLE_SANITIZER").MustBool(false) {
+ renderContentMode = RenderContentModeNoSanitizer // if only the legacy DISABLE_SANITIZER exists, use it
+ }
+ if renderContentMode != RenderContentModeSanitized &&
+ renderContentMode != RenderContentModeNoSanitizer &&
+ renderContentMode != RenderContentModeIframe {
+ log.Error("invalid RENDER_CONTENT_MODE: %q, default to %q", renderContentMode, RenderContentModeSanitized)
+ renderContentMode = RenderContentModeSanitized
+ }
+
ExternalMarkupRenderers = append(ExternalMarkupRenderers, &MarkupRenderer{
- Enabled: sec.Key("ENABLED").MustBool(false),
- MarkupName: name,
- FileExtensions: exts,
- Command: command,
- IsInputFile: sec.Key("IS_INPUT_FILE").MustBool(false),
- NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true),
- DisableSanitizer: sec.Key("DISABLE_SANITIZER").MustBool(false),
+ Enabled: sec.Key("ENABLED").MustBool(false),
+ MarkupName: name,
+ FileExtensions: exts,
+ Command: command,
+ IsInputFile: sec.Key("IS_INPUT_FILE").MustBool(false),
+ NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true),
+ RenderContentMode: renderContentMode,
})
}