osbzr
/
com
项目红包剩余8542,下一贡献奖励5%,即 427个红包
Obserwuj 13
Polub 6
Wiki 捐赠
本站源代码
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
Gałąź: gamification
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'gamification'
${ noResults }
com/modules/markup/sanitizer.go

68 lines
2.1KB
Czysty Bezpośredni odnośnik Wina Historia 

  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Copyright 2017 The Gogs Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package markup

  7. 

  8. import (

  9. 	"regexp"

  10. 	"sync"

  11. 

  12. 	"code.gitea.io/gitea/modules/setting"

  13. 

  14. 	"github.com/microcosm-cc/bluemonday"

  15. )

  16. 

  17. // Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow

  18. // any modification to the underlying policies once it's been created.

  19. type Sanitizer struct {

  20. 	policy *bluemonday.Policy

  21. 	init   sync.Once

  22. }

  23. 

  24. var sanitizer = &Sanitizer{}

  25. 

  26. // NewSanitizer initializes sanitizer with allowed attributes based on settings.

  27. // Multiple calls to this function will only create one instance of Sanitizer during

  28. // entire application lifecycle.

  29. func NewSanitizer() {

  30. 	sanitizer.init.Do(func() {

  31. 		ReplaceSanitizer()

  32. 	})

  33. }

  34. 

  35. // ReplaceSanitizer replaces the current sanitizer to account for changes in settings

  36. func ReplaceSanitizer() {

  37. 	sanitizer = &Sanitizer{}

  38. 	sanitizer.policy = bluemonday.UGCPolicy()

  39. 	// We only want to allow HighlightJS specific classes for code blocks

  40. 	sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code")

  41. 

  42. 	// Checkboxes

  43. 	sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")

  44. 	sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input")

  45. 

  46. 	// Custom URL-Schemes

  47. 	sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)

  48. 

  49. 	// Allow keyword markup

  50. 	sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^` + keywordClass + `$`)).OnElements("span")

  51. }

  52. 

  53. // Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist.

  54. func Sanitize(s string) string {

  55. 	NewSanitizer()

  56. 	return sanitizer.policy.Sanitize(s)

  57. }

  58. 

  59. // SanitizeBytes takes a []byte slice that contains a HTML fragment or document and applies policy whitelist.

  60. func SanitizeBytes(b []byte) []byte {

  61. 	if len(b) == 0 {

  62. 		// nothing to sanitize

  63. 		return b

  64. 	}

  65. 	NewSanitizer()

  66. 	return sanitizer.policy.SanitizeBytes(b)

  67. }
上海开阖软件有限公司 沪ICP备12045867号-1