tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-05 18:17:19 +00:00
Code Releases Activity

Refactor markup render system (#32533)

Browse Source 
Remove unmaintainable sanitizer rules. No need to add special "class"
regexp rules anymore, use RenderInternal.SafeAttr instead, more details
(and examples) are in the tests
This commit is contained in:
wxiaoguang
2024-11-18 13:25:42 +08:00
committed by GitHub
parent 4f879a00df
commit 8a20fba8eb
42 changed files with 568 additions and 508 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/markup/sanitizer_custom.go
View File

@ -4,6 +4,9 @@
package markup
import (
"regexp"
"strings"
"code.gitea.io/gitea/modules/setting"
"github.com/microcosm-cc/bluemonday"
@ -15,8 +18,11 @@ func (st *Sanitizer) addSanitizerRules(policy *bluemonday.Policy, rules []settin
policy.AllowDataURIImages()
}
if rule.Element != "" {
if rule.Regexp != nil {
policy.AllowAttrs(rule.AllowAttr).Matching(rule.Regexp).OnElements(rule.Element)
if rule.Regexp != "" {
if !strings.HasPrefix(rule.Regexp, "^") || !strings.HasSuffix(rule.Regexp, "$") {
panic("Markup sanitizer rule regexp must start with ^ and end with $ to be strict")
}
policy.AllowAttrs(rule.AllowAttr).Matching(regexp.MustCompile(rule.Regexp)).OnElements(rule.Element)
} else {
policy.AllowAttrs(rule.AllowAttr).OnElements(rule.Element)
}