diff options
| author | Unknwon <u@gogs.io> | 2019-10-24 01:51:46 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-24 01:51:46 -0700 |
| commit | 01c8df01ec0608f1f25b2f1444adabb98fa5ee8a (patch) | |
| tree | f8a7e5dd8d2a8c51e1ce2cabb9d33571a93314dd /pkg/markup/sanitizer.go | |
| parent | 613139e7bef81d3573e7988a47eb6765f3de347a (diff) | |
internal: move packages under this directory (#5836)
* Rename pkg -> internal
* Rename routes -> route
* Move route -> internal/route
* Rename models -> db
* Move db -> internal/db
* Fix route2 -> route
* Move cmd -> internal/cmd
* Bump version
Diffstat (limited to 'pkg/markup/sanitizer.go')
| -rw-r--r-- | pkg/markup/sanitizer.go | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/pkg/markup/sanitizer.go b/pkg/markup/sanitizer.go deleted file mode 100644 index bc6c0a77..00000000 --- a/pkg/markup/sanitizer.go +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2017 The Gogs Authors. All rights reserved. -// Use of this source code is governed by a MIT-style -// license that can be found in the LICENSE file. - -package markup - -import ( - "regexp" - "sync" - - "github.com/microcosm-cc/bluemonday" - - "gogs.io/gogs/pkg/setting" -) - -// Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow -// any modification to the underlying policies once it's been created. -type Sanitizer struct { - policy *bluemonday.Policy - init sync.Once -} - -var sanitizer = &Sanitizer{ - policy: bluemonday.UGCPolicy(), -} - -// NewSanitizer initializes sanitizer with allowed attributes based on settings. -// Multiple calls to this function will only create one instance of Sanitizer during -// entire application lifecycle. -func NewSanitizer() { - sanitizer.init.Do(func() { - // We only want to allow HighlightJS specific classes for code blocks - sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code") - - // Checkboxes - sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") - sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input") - - // Data URLs - sanitizer.policy.AllowURLSchemes("data") - - // Custom URL-Schemes - sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) - }) -} - -// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist. -func Sanitize(s string) string { - return sanitizer.policy.Sanitize(s) -} - -// SanitizeBytes takes a []byte slice that contains a HTML fragment or document and applies policy whitelist. -func SanitizeBytes(b []byte) []byte { - return sanitizer.policy.SanitizeBytes(b) -} |