	Refactor markup render system (#32533)
Remove unmaintainable sanitizer rules. There is no need to add special "class" regexp rules anymore; use RenderInternal.SafeAttr instead. More details (and examples) are in the tests.
		| @@ -7,7 +7,6 @@ import ( | ||||
| 	"fmt" | ||||
| 	"io" | ||||
| 	"net/url" | ||||
| 	"regexp" | ||||
|  | ||||
| 	"code.gitea.io/gitea/modules/markup" | ||||
| 	"code.gitea.io/gitea/modules/setting" | ||||
| @@ -38,10 +37,7 @@ const ( | ||||
|  | ||||
| // SanitizerRules implements markup.Renderer | ||||
| func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule { | ||||
| 	return []setting.MarkupSanitizerRule{ | ||||
| 		{Element: "div", AllowAttr: "class", Regexp: regexp.MustCompile(playerClassName)}, | ||||
| 		{Element: "div", AllowAttr: playerSrcAttr}, | ||||
| 	} | ||||
| 	return []setting.MarkupSanitizerRule{{Element: "div", AllowAttr: playerSrcAttr}} | ||||
| } | ||||
|  | ||||
| // Render implements markup.Renderer | ||||
| @@ -53,12 +49,5 @@ func (Renderer) Render(ctx *markup.RenderContext, _ io.Reader, output io.Writer) | ||||
| 		ctx.Metas["BranchNameSubURL"], | ||||
| 		url.PathEscape(ctx.RelativePath), | ||||
| 	) | ||||
|  | ||||
| 	_, err := io.WriteString(output, fmt.Sprintf( | ||||
| 		`<div class="%s" %s="%s"></div>`, | ||||
| 		playerClassName, | ||||
| 		playerSrcAttr, | ||||
| 		rawURL, | ||||
| 	)) | ||||
| 	return err | ||||
| 	return ctx.RenderInternal.FormatWithSafeAttrs(output, `<div class="%s" %s="%s"></div>`, playerClassName, playerSrcAttr, rawURL) | ||||
| } | ||||
|   | ||||
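Review bot: The `class` attribute on the player div now depends entirely on Render calling `ctx.RenderInternal.FormatWithSafeAttrs`, because the `class` allow rule is gone from SanitizerRules, and neither function documents that. A short comment above the new return, such as `// class is kept via RenderInternal safe attrs, not a sanitizer rule`, would stop a later edit from re-adding a class regexp rule or writing the markup directly to `output`. The remaining rule `{Element: "div", AllowAttr: playerSrcAttr}` has no Regexp, so the sanitizer does not constrain that attribute's value, and `rawURL` is built partly from `ctx.Metas["BranchNameSubURL"]`, which is not escaped in the visible lines. This page does not show whether FormatWithSafeAttrs HTML-escapes its arguments, so that is worth confirming. Render's body begins outside the hunk, so the full construction of `rawURL` is not visible here.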