averello/gogs-mirror
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2025-12-17 12:03:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

markdown: improve filter of class attribute for code blocks

Browse Source 
Only allow HighlightJS specific classes.

Reported by ChALkeR.
This commit is contained in:
Unknwon
2017-03-29 19:52:53 -04:00
parent 09723ec0e5
commit 9d06ebd01a
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gogs.go
View File

@@ -16,7 +16,7 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
const APP_VER = "0.10.32.0328 / 0.11 RC" const APP_VER = "0.10.33.0329 / 0.11 RC"
func init() { func init() {
setting.AppVer = APP_VER setting.AppVer = APP_VER

4
modules/markdown/markdown.go
View File

@@ -32,8 +32,8 @@ var Sanitizer = bluemonday.UGCPolicy()
// BuildSanitizer initializes sanitizer with allowed attributes based on settings. // BuildSanitizer initializes sanitizer with allowed attributes based on settings.
// This function should only be called once during entire application lifecycle. // This function should only be called once during entire application lifecycle.
func BuildSanitizer() { func BuildSanitizer() {
// Normal markdown-stuff // We only want to allow HighlightJS specific classes for code blocks
Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+`)).OnElements("code")
// Checkboxes // Checkboxes
Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")

2
templates/.VERSION
View File

@@ -1 +1 @@
0.10.32.0328 / 0.11 RC 0.10.33.0329 / 0.11 RC