1
1
mirror of https://github.com/go-gitea/gitea synced 2025-07-24 11:18:36 +00:00

Rename Str2html to SanitizeHTML and clarify its behavior (#29516)

Str2html was abused a lot. So use a proper name for it: SanitizeHTML

And add some tests to show its behavior.
This commit is contained in:
wxiaoguang
2024-03-01 18:16:19 +08:00
committed by GitHub
parent cb52b17f92
commit fb42972c05
14 changed files with 48 additions and 43 deletions

View File

@@ -224,7 +224,7 @@ Please check [Gitea's logs](administration/logging-config.md) for error messages
{{if not (eq .Body "")}}
<h3>Message content</h3>
<hr>
{{.Body | Str2html}}
{{.Body | SanitizeHTML}}
{{end}}
</p>
<hr>
@@ -260,19 +260,19 @@ The template system contains several functions that can be used to further proce
the messages. Here's a list of some of them:
| Name | Parameters | Available | Usage |
| ---------------- | ----------- | --------- | --------------------------------------------------------------------------- |
| ---------------- | ----------- | --------- |-----------------------------------------------------------------------------|
| `AppUrl` | - | Any | Gitea's URL |
| `AppName` | - | Any | Set from `app.ini`, usually "Gitea" |
| `AppDomain` | - | Any | Gitea's host name |
| `EllipsisString` | string, int | Any | Truncates a string to the specified length; adds ellipsis as needed |
| `Str2html` | string | Body only | Sanitizes text by removing any HTML tags from it. |
| `SanitizeHTML` | string | Body only | Sanitizes text by removing any dangerous HTML tags from it. |
| `SafeHTML` | string | Body only | Takes the input as HTML; can be used for `.ReviewComments.RenderedContent`. |
These are _functions_, not metadata, so they have to be used:
```html
Like this: {{Str2html "Escape<my>text"}}
Or this: {{"Escape<my>text" | Str2html}}
Like this: {{SanitizeHTML "Escape<my>text"}}
Or this: {{"Escape<my>text" | SanitizeHTML}}
Or this: {{AppUrl}}
But not like this: {{.AppUrl}}
```