From dae7f1ebdbe19620f40e110b285f7c0ecd0bb33b Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Mon, 4 Mar 2024 20:02:45 +0800
Subject: Remove unnecessary SanitizeHTML from code (#29575)

* "mail/issue/default.tmpl": the body is rendered by backend
`markdown.RenderString() HTML`, it has been already sanitized
* "repo/settings/webhook/base_list.tmpl": "Description" is prepared by
backend `ctx.Tr`, it doesn't need to be sanitized
---
 modules/templates/helper.go      | 10 ++--------
 modules/templates/helper_test.go |  1 -
 2 files changed, 2 insertions(+), 9 deletions(-)

(limited to 'modules')

diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 1487fce69d..0997239a55 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -208,14 +208,8 @@ func SafeHTML(s any) template.HTML {
 }
 
 // SanitizeHTML sanitizes the input by pre-defined markdown rules
-func SanitizeHTML(s any) template.HTML {
-	switch v := s.(type) {
-	case string:
-		return template.HTML(markup.Sanitize(v))
-	case template.HTML:
-		return template.HTML(markup.Sanitize(string(v)))
-	}
-	panic(fmt.Sprintf("unexpected type %T", s))
+func SanitizeHTML(s string) template.HTML {
+	return template.HTML(markup.Sanitize(s))
 }
 
 func HTMLEscape(s any) template.HTML {
diff --git a/modules/templates/helper_test.go b/modules/templates/helper_test.go
index 3365278ac2..64f29d033e 100644
--- a/modules/templates/helper_test.go
+++ b/modules/templates/helper_test.go
@@ -64,5 +64,4 @@ func TestHTMLFormat(t *testing.T) {
 
 func TestSanitizeHTML(t *testing.T) {
 	assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
-	assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(template.HTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`)))
 }
-- 
cgit v1.2.3