Prevent 500 with badly formed task list (#11328)

Fix #11317

Signed-off-by: Andrew Thornton <art27@cantab.net>
tokarchuk/v1.17
zeripath 5 years ago committed by GitHub
parent c9187b8116
commit 742e26f5a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 16
      modules/markup/markdown/goldmark.go
  2. 8
      modules/markup/markdown/markdown_test.go
  3. 2
      modules/markup/sanitizer.go
  4. 4
      web_src/less/_markdown.less

@ -125,9 +125,7 @@ func (g *ASTTransformer) Transform(node *ast.Document, reader text.Reader, pc pa
} }
v.Destination = link v.Destination = link
case *ast.List: case *ast.List:
if v.HasChildren() && v.FirstChild().HasChildren() && v.FirstChild().FirstChild().HasChildren() { if v.HasChildren() {
if _, ok := v.FirstChild().FirstChild().FirstChild().(*east.TaskCheckBox); ok {
v.SetAttributeString("class", []byte("task-list"))
children := make([]ast.Node, 0, v.ChildCount()) children := make([]ast.Node, 0, v.ChildCount())
child := v.FirstChild() child := v.FirstChild()
for child != nil { for child != nil {
@ -138,14 +136,22 @@ func (g *ASTTransformer) Transform(node *ast.Document, reader text.Reader, pc pa
for _, child := range children { for _, child := range children {
listItem := child.(*ast.ListItem) listItem := child.(*ast.ListItem)
if !child.HasChildren() || !child.FirstChild().HasChildren() {
v.AppendChild(v, child)
continue
}
taskCheckBox, ok := child.FirstChild().FirstChild().(*east.TaskCheckBox)
if !ok {
v.AppendChild(v, child)
continue
}
newChild := NewTaskCheckBoxListItem(listItem) newChild := NewTaskCheckBoxListItem(listItem)
taskCheckBox := child.FirstChild().FirstChild().(*east.TaskCheckBox)
newChild.IsChecked = taskCheckBox.IsChecked newChild.IsChecked = taskCheckBox.IsChecked
newChild.SetAttributeString("class", []byte("task-list-item"))
v.AppendChild(v, newChild) v.AppendChild(v, newChild)
} }
} }
} }
}
return ast.WalkContinue, nil return ast.WalkContinue, nil
}) })

@ -141,10 +141,10 @@ func testAnswers(baseURLContent, baseURLImages string) []string {
<h2 id="user-content-custom-id">More tests</h2> <h2 id="user-content-custom-id">More tests</h2>
<p>(from <a href="https://www.markdownguide.org/extended-syntax/" rel="nofollow">https://www.markdownguide.org/extended-syntax/</a>)</p> <p>(from <a href="https://www.markdownguide.org/extended-syntax/" rel="nofollow">https://www.markdownguide.org/extended-syntax/</a>)</p>
<h3 id="user-content-checkboxes">Checkboxes</h3> <h3 id="user-content-checkboxes">Checkboxes</h3>
<ul class="task-list"> <ul>
<li><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>unchecked</label></span></li> <li class="task-list-item"><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>unchecked</label></span></li>
<li><span class="ui checked checkbox"><input type="checkbox" checked="" readonly="readonly"/><label>checked</label></span></li> <li class="task-list-item"><span class="ui checked checkbox"><input type="checkbox" checked="" readonly="readonly"/><label>checked</label></span></li>
<li><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>still unchecked</label></span></li> <li class="task-list-item"><span class="ui checkbox"><input type="checkbox" readonly="readonly"/><label>still unchecked</label></span></li>
</ul> </ul>
<h3 id="user-content-definition-list">Definition list</h3> <h3 id="user-content-definition-list">Definition list</h3>
<dl> <dl>

@ -54,7 +54,7 @@ func ReplaceSanitizer() {
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`ref-issue`)).OnElements("a") sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`ref-issue`)).OnElements("a")
// Allow classes for task lists // Allow classes for task lists
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`task-list`)).OnElements("ul") sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`task-list-item`)).OnElements("li")
// Allow icons // Allow icons
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^icon(\s+[\p{L}\p{N}_-]+)+$`)).OnElements("i") sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^icon(\s+[\p{L}\p{N}_-]+)+$`)).OnElements("i")

@ -192,9 +192,9 @@
list-style-type: none; list-style-type: none;
} }
ul.task-list, li.task-list-item {
ol.task-list {
list-style-type: none; list-style-type: none;
margin-left: calc(-2em + 2px);
} }
ul ul, ul ul,

Loading…
Cancel
Save