|
|
@ -9,7 +9,6 @@ import ( |
|
|
|
"regexp" |
|
|
|
"regexp" |
|
|
|
"sync" |
|
|
|
"sync" |
|
|
|
|
|
|
|
|
|
|
|
"code.gitea.io/gitea/modules/log" |
|
|
|
|
|
|
|
"code.gitea.io/gitea/modules/setting" |
|
|
|
"code.gitea.io/gitea/modules/setting" |
|
|
|
|
|
|
|
|
|
|
|
"github.com/microcosm-cc/bluemonday" |
|
|
|
"github.com/microcosm-cc/bluemonday" |
|
|
@ -28,7 +27,6 @@ var sanitizer = &Sanitizer{} |
|
|
|
// Multiple calls to this function will only create one instance of Sanitizer during
|
|
|
|
// Multiple calls to this function will only create one instance of Sanitizer during
|
|
|
|
// entire application lifecycle.
|
|
|
|
// entire application lifecycle.
|
|
|
|
func NewSanitizer() { |
|
|
|
func NewSanitizer() { |
|
|
|
log.Trace("Markdown: sanitizer initialization requested") |
|
|
|
|
|
|
|
sanitizer.init.Do(func() { |
|
|
|
sanitizer.init.Do(func() { |
|
|
|
sanitizer.policy = bluemonday.UGCPolicy() |
|
|
|
sanitizer.policy = bluemonday.UGCPolicy() |
|
|
|
// We only want to allow HighlightJS specific classes for code blocks
|
|
|
|
// We only want to allow HighlightJS specific classes for code blocks
|
|
|
@ -40,16 +38,12 @@ func NewSanitizer() { |
|
|
|
|
|
|
|
|
|
|
|
// Custom URL-Schemes
|
|
|
|
// Custom URL-Schemes
|
|
|
|
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) |
|
|
|
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) |
|
|
|
|
|
|
|
|
|
|
|
log.Trace("Markdown: sanitizer initialized") |
|
|
|
|
|
|
|
}) |
|
|
|
}) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist.
|
|
|
|
// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist.
|
|
|
|
func Sanitize(s string) string { |
|
|
|
func Sanitize(s string) string { |
|
|
|
if sanitizer.policy == nil { |
|
|
|
NewSanitizer() |
|
|
|
NewSanitizer() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return sanitizer.policy.Sanitize(s) |
|
|
|
return sanitizer.policy.Sanitize(s) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -59,8 +53,6 @@ func SanitizeBytes(b []byte) []byte { |
|
|
|
// nothing to sanitize
|
|
|
|
// nothing to sanitize
|
|
|
|
return b |
|
|
|
return b |
|
|
|
} |
|
|
|
} |
|
|
|
if sanitizer.policy == nil { |
|
|
|
NewSanitizer() |
|
|
|
NewSanitizer() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return sanitizer.policy.SanitizeBytes(b) |
|
|
|
return sanitizer.policy.SanitizeBytes(b) |
|
|
|
} |
|
|
|
} |
|
|
|