tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

Remove unnecessary SanitizeHTML from code (#29575)

Browse Source 
* "mail/issue/default.tmpl": the body is rendered by backend
`markdown.RenderString() HTML`, it has been already sanitized
* "repo/settings/webhook/base_list.tmpl": "Description" is prepared by
backend `ctx.Tr`, it doesn't need to be sanitized
This commit is contained in:
wxiaoguang
2024-03-04 20:02:45 +08:00
committed by GitHub
parent e91733468e
commit dae7f1ebdb
7 changed files with 7 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/templates/helper.go
View File

@@ -208,14 +208,8 @@ func SafeHTML(s any) template.HTML {
}
// SanitizeHTML sanitizes the input by pre-defined markdown rules
func SanitizeHTML(s any) template.HTML {
switch v := s.(type) {
case string:
return template.HTML(markup.Sanitize(v))
case template.HTML:
return template.HTML(markup.Sanitize(string(v)))
}
panic(fmt.Sprintf("unexpected type %T", s))
func SanitizeHTML(s string) template.HTML {
return template.HTML(markup.Sanitize(s))
}
func HTMLEscape(s any) template.HTML {

1
modules/templates/helper_test.go
View File

@@ -64,5 +64,4 @@ func TestHTMLFormat(t *testing.T) {
func TestSanitizeHTML(t *testing.T) {
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(template.HTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`)))
}