Monorepo for Tangled tangled.org

appview/pages: don't sanitize plaintext readmes

Also, sanitize the raw markdown before rendering.

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.sh>

anirudh.fi 71cafd96 defce014

verified
Changed files
+4 -6
+2 -4
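--- a/appview/pages/pages.go
+++ b/appview/pages/pages.go
@@ -33,7 +33,6 @@
 "github.com/bluesky-social/indigo/atproto/syntax"
 "github.com/go-git/go-git/v5/plumbing"
 "github.com/go-git/go-git/v5/plumbing/object"
-"github.com/microcosm-cc/bluemonday"
 )
 
 //go:embed templates/* static
@@ -502,13 +501,12 @@
 ext := filepath.Ext(params.ReadmeFileName)
 switch ext {
 case ".md", ".markdown", ".mdown", ".mkdn", ".mkd":
+htmlString = p.rctx.Sanitize(htmlString)
 htmlString = p.rctx.RenderMarkdown(params.Readme)
 params.Raw = false
-params.HTMLReadme = template.HTML(p.rctx.Sanitize(htmlString))
+params.HTMLReadme = template.HTML(htmlString)
 default:
-htmlString = string(params.Readme)
 params.Raw = true
-params.HTMLReadme = template.HTML(bluemonday.NewPolicy().Sanitize(htmlString))
 }
 }
 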
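Review bot: The added `htmlString = p.rctx.Sanitize(htmlString)` in the markdown case runs before `htmlString` is assigned from `RenderMarkdown`, so its result is overwritten on the next line and the rendered HTML reaches `template.HTML(htmlString)` without passing through `Sanitize`. `template.HTML` marks the value as trusted and switches off html/template escaping, so unless `RenderMarkdown` sanitizes internally (not visible here), markup derived from an untrusted readme is served as-is. Sanitizing the raw markdown, as the description intends, would not be equivalent either, because the renderer can emit markup that is not present as HTML in its input; keep the sanitizer on the output: `htmlString = p.rctx.RenderMarkdown(params.Readme)` followed by `params.HTMLReadme = template.HTML(p.rctx.Sanitize(htmlString))`. The enclosing function starts and ends outside the hunk, so the value `htmlString` holds before this switch is not visible.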
+2 -2
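--- a/appview/pages/templates/repo/index.html
+++ b/appview/pages/templates/repo/index.html
@@ -358,7 +358,7 @@
 {{ end }}
 
 {{ define "repoAfter" }}
-{{- if .HTMLReadme -}}
+{{- if or .HTMLReadme .Readme -}}
 <section
 class="p-6 mt-4 rounded-br rounded-bl bg-white dark:bg-gray-800 dark:text-white drop-shadow-sm w-full mx-auto overflow-auto {{ if not .Raw }}
 prose dark:prose-invert dark:[&_pre]:bg-gray-900
@@ -367,7 +367,7 @@
 {{ end }}"
 >
 <article class="{{ if .Raw }}whitespace-pre{{ end }}">{{- if .Raw -}}<pre class="dark:bg-gray-800 dark:text-white overflow-x-auto">
-{{- .HTMLReadme -}}
+{{- .Readme -}}
 </pre>
 {{- else -}}
 {{ .HTMLReadme }}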
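Review bot: The raw branch now prints `{{- .Readme -}}` inside `<pre>` and depends entirely on html/template's contextual escaping, which applies only while `.Readme` is a plain string rather than `template.HTML`; the field's type is declared outside this diff. A template comment ahead of the `<section>` would record that assumption for the next editor, e.g. `{{/* .Readme is untrusted repository content: keep it a plain string so html/template escapes it */}}`. The `repoAfter` definition continues past the end of the hunk.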