OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
8773 Commits
197 Branches
392 MB
3500 Download
Tree: e9a5e92d04
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e9a5e92d04'
${ noResults }
aiforge/modules/markup/sanitizer.go

sanitizer.go 2.6 kB
Raw Normal View History

Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
Restructure markup & markdown to prepare for multiple markup language… (#2411) * restructure markup & markdown to prepare for multiple markup languages support * adjust some functions between markdown and markup * fix tests * improve the comments
7 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
Change markdown rendering from blackfriday to goldmark (#9533) * Move to goldmark Markdown rendering moved from blackfriday to the goldmark. Multiple subtle changes required to the goldmark extensions to keep current rendering and defaults. Can go further with goldmark linkify and have this work within markdown rendering making the link processor unnecessary. Need to think about how to go about allowing extensions - at present it seems that these would be hard to do without recompilation. * linter fixes Co-authored-by: Lauris BH <lauris@nix.lv>
5 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
5 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
5 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
5 years ago
Rewrite reference processing code in preparation for opening/closing from comment references (#8261) * Add a markdown stripper for mentions and xrefs * Improve comments * Small code simplification * Move reference code to modules/references * Fix typo * Make MarkdownStripper return [][]byte * Implement preliminary keywords parsing * Add FIXME comment * Fix comment * make fmt * Fix permissions check * Fix text assumptions * Fix imports * Fix lint, fmt * Fix unused import * Add missing export comment * Bypass revive on implemented interface * Move mdstripper into its own package * Support alphanumeric patterns * Refactor FindAllMentions * Move mentions test to references * Parse mentions from reference package * Refactor code to implement renderizable references * Fix typo * Move patterns and tests to the references package * Fix nil reference * Preliminary rendering attempt of closing keywords * Normalize names, comments, general tidy-up * Add CSS style for action keywords * Fix permission for admin and owner * Fix golangci-lint * Fix golangci-lint
5 years ago
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
5 years ago
Allow kbd tags (#9245) * Allow kbd tags Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add test Signed-off-by: jolheiser <john.olheiser@gmail.com>
5 years ago
Markdown: Sanitizier Configuration (#9075) * Support custom sanitization policy Allowing the gitea administrator to configure sanitization policy allows them to couple external renders and custom templates to support more markup. In particular, the `pandoc` renderer allows generating KaTeX annotations, wrapping them in `<span>` elements with class `math` and either `inline` or `display` (depending on whether or not inline or block mode was requested). This iteration gives the administrator whitelisting powers; carefully crafted regexes will thus let through only the desired attributes necessary to support their custom markup. Resolves: #9054 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Document new sanitization configuration - Adds basic documentation to app.ini.sample, - Adds an example to the Configuration Cheat Sheet, and - Adds extended information to External Renderers section. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Drop extraneous length check in newMarkupSanitizer(...) Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Fix plural ELEMENT and ALLOW_ATTR in docs These were left over from their initial names. Make them singular to conform with the current expectations. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
5 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
fix #1501 ssh hangs caused by #1461 (#1513)
8 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
Change markdown rendering from blackfriday to goldmark (#9533) * Move to goldmark Markdown rendering moved from blackfriday to the goldmark. Multiple subtle changes required to the goldmark extensions to keep current rendering and defaults. Can go further with goldmark linkify and have this work within markdown rendering making the link processor unnecessary. Need to think about how to go about allowing extensions - at present it seems that these would be hard to do without recompilation. * linter fixes Co-authored-by: Lauris BH <lauris@nix.lv>
5 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
fix #1501 ssh hangs caused by #1461 (#1513)
8 years ago
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
8 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Copyright 2017 The Gogs Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package markup

  7. 

  8. import (

  9. 	"bytes"

  10. 	"io"

  11. 	"regexp"

  12. 	"sync"

  13. 

  14. 	"code.gitea.io/gitea/modules/setting"

  15. 

  16. 	"github.com/microcosm-cc/bluemonday"

  17. )

  18. 

  19. // Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow

  20. // any modification to the underlying policies once it's been created.

  21. type Sanitizer struct {

  22. 	policy *bluemonday.Policy

  23. 	init   sync.Once

  24. }

  25. 

  26. var sanitizer = &Sanitizer{}

  27. 

  28. // NewSanitizer initializes sanitizer with allowed attributes based on settings.

  29. // Multiple calls to this function will only create one instance of Sanitizer during

  30. // entire application lifecycle.

  31. func NewSanitizer() {

  32. 	sanitizer.init.Do(func() {

  33. 		ReplaceSanitizer()

  34. 	})

  35. }

  36. 

  37. // ReplaceSanitizer replaces the current sanitizer to account for changes in settings

  38. func ReplaceSanitizer() {

  39. 	sanitizer.policy = bluemonday.UGCPolicy()

  40. 	// We only want to allow HighlightJS specific classes for code blocks

  41. 	sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code")

  42. 

  43. 	// Checkboxes

  44. 	sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")

  45. 	sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input")

  46. 

  47. 	// Custom URL-Schemes

  48. 	sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)

  49. 

  50. 	// Allow keyword markup

  51. 	sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^` + keywordClass + `$`)).OnElements("span")

  52. 

  53. 	// Allow <kbd> tags for keyboard shortcut styling

  54. 	sanitizer.policy.AllowElements("kbd")

  55. 

  56. 	// Custom keyword markup

  57. 	for _, rule := range setting.ExternalSanitizerRules {

  58. 		if rule.Regexp != nil {

  59. 			sanitizer.policy.AllowAttrs(rule.AllowAttr).Matching(rule.Regexp).OnElements(rule.Element)

  60. 		} else {

  61. 			sanitizer.policy.AllowAttrs(rule.AllowAttr).OnElements(rule.Element)

  62. 		}

  63. 	}

  64. }

  65. 

  66. // Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist.

  67. func Sanitize(s string) string {

  68. 	NewSanitizer()

  69. 	return sanitizer.policy.Sanitize(s)

  70. }

  71. 

  72. // SanitizeReader sanitizes a Reader

  73. func SanitizeReader(r io.Reader) *bytes.Buffer {

  74. 	NewSanitizer()

  75. 	return sanitizer.policy.SanitizeReader(r)

  76. }

  77. 

  78. // SanitizeBytes takes a []byte slice that contains a HTML fragment or document and applies policy whitelist.

  79. func SanitizeBytes(b []byte) []byte {

  80. 	if len(b) == 0 {

  81. 		// nothing to sanitize

  82. 		return b

  83. 	}

  84. 	NewSanitizer()

  85. 	return sanitizer.policy.SanitizeBytes(b)

  86. }

No Description