appview/pages/markup: add description filter #507

merged
opened by oppi.li targeting master from push-sssuxsytslts

this sanitizer only renders a tiny subset of markdown, to be used in inline elements like PR titles and repo descriptions etc.

Signed-off-by: oppiliappan me@oppi.li

Changed files
+38 -4
+6 -1
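--- a/appview/pages/funcmap.go
+++ b/appview/pages/funcmap.go
@@ -206,13 +206,18 @@
 }
 return v.Slice(0, min(n, v.Len())).Interface()
 },
-
 "markdown": func(text string) template.HTML {
 p.rctx.RendererType = markup.RendererTypeDefault
 htmlString := p.rctx.RenderMarkdown(text)
 sanitized := p.rctx.SanitizeDefault(htmlString)
 return template.HTML(sanitized)
 },
+"description": func(text string) template.HTML {
+p.rctx.RendererType = markup.RendererTypeDefault
+htmlString := p.rctx.RenderMarkdown(text)
+sanitized := p.rctx.SanitizeDescription(htmlString)
+return template.HTML(sanitized)
+},
 "isNil": func(t any) bool {
 // returns false for other "zero" values
 return t == nil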
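Review bot: The new `description` entry returns `template.HTML`, which turns off html/template's contextual escaping for the value, so `SanitizeDescription` is the only barrier between user-written titles or descriptions and the page. That dependency deserves a comment on the closure, for example `// output bypasses html/template escaping; safe only while descriptionPolicy stays a strict allowlist`. The closure also repeats the `p.rctx.RendererType = markup.RendererTypeDefault` write from `markdown`; if `p.rctx` is shared between concurrently rendered requests (not visible here), that is an unsynchronised write and is better set once outside the template func. The enclosing func map starts and ends outside this section.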
+5 -1
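--- a/appview/pages/markup/markdown.go
+++ b/appview/pages/markup/markdown.go
@@ -161,7 +161,11 @@
 }
 
 func (rctx *RenderContext) SanitizeDefault(html string) string {
-return rctx.Sanitizer.defaultPolicy.Sanitize(html)
+return rctx.Sanitizer.SanitizeDefault(html)
+}
+
+func (rctx *RenderContext) SanitizeDescription(html string) string {
+return rctx.Sanitizer.SanitizeDescription(html)
 }
 
 type MarkdownTransformer struct {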
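Review bot: `SanitizeDescription` is exported without a doc comment, and the same holds for the two new `Sanitizer` methods in sanitizer.go. Because callers wrap the result in `template.HTML`, the comment should say which policy applies and that the argument is already-rendered HTML, for example `// SanitizeDescription filters rendered HTML down to the inline subset (emphasis, code, links) allowed in titles and descriptions.`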
+27 -2
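--- a/appview/pages/markup/sanitizer.go
+++ b/appview/pages/markup/sanitizer.go
@@ -11,15 +11,24 @@
 )
 
 type Sanitizer struct {
-defaultPolicy *bluemonday.Policy
+defaultPolicy *bluemonday.Policy
+descriptionPolicy *bluemonday.Policy
 }
 
 func NewSanitizer() Sanitizer {
 return Sanitizer{
-defaultPolicy: defaultPolicy(),
+defaultPolicy: defaultPolicy(),
+descriptionPolicy: descriptionPolicy(),
 }
 }
 
+func (s *Sanitizer) SanitizeDefault(html string) string {
+return s.defaultPolicy.Sanitize(html)
+}
+func (s *Sanitizer) SanitizeDescription(html string) string {
+return s.descriptionPolicy.Sanitize(html)
+}
+
 func defaultPolicy() *bluemonday.Policy {
 policy := bluemonday.UGCPolicy()
 
@@ -90,3 +99,19 @@
 
 return policy
 }
+
+func descriptionPolicy() *bluemonday.Policy {
+policy := bluemonday.NewPolicy()
+policy.AllowStandardURLs()
+
+// allow italics and bold.
+policy.AllowElements("i", "b", "em", "strong")
+
+// allow code.
+policy.AllowElements("code")
+
+// allow links
+policy.AllowAttrs("href", "target", "rel").OnElements("a")
+
+return policy
+}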
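Review bot: In `descriptionPolicy`, allowing `target` and `rel` on `a` hands both attributes to whoever writes the title or description, assuming raw HTML in the markdown reaches the sanitizer (the renderer configuration is not visible here). An author-chosen `target="_blank"` would then depend on the author's own `rel` for `noopener`. I would allow only the link itself, `policy.AllowAttrs("href").OnElements("a")`, and let the policy set link hygiene, e.g. `policy.RequireNoReferrerOnLinks(true)` next to the nofollow that `AllowStandardURLs` already enforces. A small table test that feeds `<img>`, `<script>`, an event-handler attribute and a non-http(s) `href` through `SanitizeDescription` would pin the allowlist against later widening.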