Not working, but slightly better...

tokarchuk/v1.17
Kim "BKC" Carlbäcker 9 years ago
parent d943429672
commit 1ab8a60d73
  1. 2
      modules/base/markdown.go
  2. 22
      modules/base/tool.go
  3. 2
      modules/template/template.go
  4. 3
      routers/install.go

@ -340,7 +340,7 @@ OUTER_LOOP:
func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte { func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
result := RenderRawMarkdown(rawBytes, urlPrefix) result := RenderRawMarkdown(rawBytes, urlPrefix)
result = PostProcessMarkdown(result, urlPrefix, metas) result = PostProcessMarkdown(result, urlPrefix, metas)
result = BuildSanitizer().SanitizeBytes(result) result = Sanitizer.SanitizeBytes(result)
return result return result
} }

@ -31,17 +31,19 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
func BuildSanitizer() (p *bluemonday.Policy) { var Sanitizer = bluemonday.UGCPolicy()
p = bluemonday.UGCPolicy()
p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") func BuildSanitizer() {
// Normal markdown-stuff
p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
p.AllowAttrs("checked", "disabled").OnElements("input")
p.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
return p
}
var Sanitizer = BuildSanitizer() // Checkboxes
Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
Sanitizer.AllowAttrs("checked", "disabled").OnElements("input")
// Custom URL-Schemes
Sanitizer.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
}
// EncodeMD5 encodes string to md5 hex value. // EncodeMD5 encodes string to md5 hex value.
func EncodeMD5(str string) string { func EncodeMD5(str string) string {

@ -105,7 +105,7 @@ func Safe(raw string) template.HTML {
} }
func Str2html(raw string) template.HTML { func Str2html(raw string) template.HTML {
return template.HTML(base.BuildSanitizer().Sanitize(raw)) return template.HTML(base.Sanitizer.Sanitize(raw))
} }
func Range(l int) []int { func Range(l int) []int {

@ -91,6 +91,9 @@ func GlobalInit() {
ssh.Listen(setting.SSHPort) ssh.Listen(setting.SSHPort)
log.Info("SSH server started on :%v", setting.SSHPort) log.Info("SSH server started on :%v", setting.SSHPort)
} }
// Build Sanitizer
base.BuildSanitizer()
} }
func InstallInit(ctx *middleware.Context) { func InstallInit(ctx *middleware.Context) {

Loading…
Cancel
Save