tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-10-27 01:18:27 +00:00
Code Releases Activity

Allow all URL schemes in Markdown links by default (#24805)

Browse Source 
- Closes #21146
- Closes #16721

## ⚠️ BREAKING ⚠️
This changes the default behavior to now create links for any URL scheme
when the user uses the markdown form for links (`[label](URL)`), this
doesn't affect the rendering of inline links. To opt-out set the
`markdown.CUSTOM_URL_SCHEMES` setting to a list of allowed schemes, all
other schemes (except `http` and `https`) won't be allowed.

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/35fa18ce-7dda-4995-b5b3-3f360f38296d)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/0922216b-0b35-4b77-9919-21a5c21dd5d0)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
Yarden Shoham
2023-05-19 18:17:07 +03:00
committed by GitHub
parent 38cf43d060
commit f5ce2ed292
6 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/markup/sanitizer.go
View File

@@ -22,7 +22,10 @@ type Sanitizer struct {
init sync.Once
}
var sanitizer = &Sanitizer{}
var (
sanitizer = &Sanitizer{}
allowAllRegex = regexp.MustCompile(".+")
)
// NewSanitizer initializes sanitizer with allowed attributes based on settings.
// Multiple calls to this function will only create one instance of Sanitizer during
@@ -74,6 +77,8 @@ func createDefaultPolicy() *bluemonday.Policy {
// Custom URL-Schemes
if len(setting.Markdown.CustomURLSchemes) > 0 {
policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
} else {
policy.AllowURLSchemesMatching(allowAllRegex)
}
// Allow classes for anchors

4
modules/markup/sanitizer_test.go
View File

@@ -52,6 +52,10 @@ func Test_Sanitizer(t *testing.T) {
`<span style="bad-color: red">Hello World</span>`, `<span>Hello World</span>`,
`<p style="bad-color: red">Hello World</p>`, `<p>Hello World</p>`,
`<code style="bad-color: red">Hello World</code>`, `<code>Hello World</code>`,
// URLs
`[my custom URL scheme](cbthunderlink://somebase64string)`, `[my custom URL scheme](cbthunderlink://somebase64string)`,
`[my custom URL scheme](matrix:roomid/psumPMeAfzgAeQpXMG:feneas.org?action=join)`, `[my custom URL scheme](matrix:roomid/psumPMeAfzgAeQpXMG:feneas.org?action=join)`,
}
for i := 0; i < len(testCases); i += 2 {