From b01dce2a6e98c25915a8e98afb741a1c34d05aba Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 16 Jun 2022 11:33:23 +0800 Subject: Allow render HTML with css/js external links (#19017) * Allow render HTML with css/js external links * Fix bug because of filename escape chars * Fix lint * Update docs about new configuration item * Fix bug of render HTML in sub directory * Add CSP head for displaying iframe in rendering file * Fix test * Apply suggestions from code review Co-authored-by: delvh * Some improvements * some improvement * revert change in SanitizerDisabled of external renderer * Add sandbox for iframe and support allow-scripts and allow-same-origin * refactor * fix * fix lint * fine tune * use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts * fine tune CSP * Apply suggestions from code review Co-authored-by: wxiaoguang Co-authored-by: delvh Co-authored-by: wxiaoguang --- routers/web/repo/compare.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'routers/web/repo/compare.go') diff --git a/routers/web/repo/compare.go b/routers/web/repo/compare.go index 605594d5a9..5c46882f3d 100644 --- a/routers/web/repo/compare.go +++ b/routers/web/repo/compare.go @@ -139,7 +139,7 @@ func setCsvCompareContext(ctx *context.Context) { return csvReader, reader, err } - baseReader, baseBlobCloser, err := csvReaderFromCommit(&markup.RenderContext{Ctx: ctx, Filename: diffFile.OldName}, baseCommit) + baseReader, baseBlobCloser, err := csvReaderFromCommit(&markup.RenderContext{Ctx: ctx, RelativePath: diffFile.OldName}, baseCommit) if baseBlobCloser != nil { defer baseBlobCloser.Close() } @@ -151,7 +151,7 @@ func setCsvCompareContext(ctx *context.Context) { return CsvDiffResult{nil, "unable to load file from base commit"} } - headReader, headBlobCloser, err := csvReaderFromCommit(&markup.RenderContext{Ctx: ctx, Filename: diffFile.Name}, headCommit) + headReader, headBlobCloser, err := csvReaderFromCommit(&markup.RenderContext{Ctx: ctx, RelativePath: diffFile.Name}, headCommit) if headBlobCloser != nil { defer headBlobCloser.Close() } -- cgit v1.2.3