aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--internal/markup/markdown.go3
-rw-r--r--internal/markup/markup.go2
-rw-r--r--internal/route/api/v1/misc/markdown.go10
3 files changed, 8 insertions, 7 deletions
diff --git a/internal/markup/markdown.go b/internal/markup/markdown.go
index db581a71..a5380028 100644
--- a/internal/markup/markdown.go
+++ b/internal/markup/markdown.go
@@ -157,8 +157,7 @@ func RawMarkdown(body []byte, urlPrefix string) []byte {
extensions |= blackfriday.EXTENSION_HARD_LINE_BREAK
}
- body = blackfriday.Markdown(body, renderer, extensions)
- return body
+ return blackfriday.Markdown(body, renderer, extensions)
}
// Markdown takes a string or []byte and renders to HTML in Markdown syntax with special links.
diff --git a/internal/markup/markup.go b/internal/markup/markup.go
index e09a0ba6..1a22daae 100644
--- a/internal/markup/markup.go
+++ b/internal/markup/markup.go
@@ -334,7 +334,7 @@ func Detect(filename string) Type {
}
}
-// Render takes a string or []byte and renders to HTML in given type of syntax with special links.
+// Render takes a string or []byte and renders to sanitized HTML in given type of syntax with special links.
func Render(typ Type, input interface{}, urlPrefix string, metas map[string]string) []byte {
var rawBytes []byte
switch v := input.(type) {
diff --git a/internal/route/api/v1/misc/markdown.go b/internal/route/api/v1/misc/markdown.go
index 8731e32b..cd0ba905 100644
--- a/internal/route/api/v1/misc/markdown.go
+++ b/internal/route/api/v1/misc/markdown.go
@@ -20,16 +20,18 @@ func Markdown(c *context.APIContext, form api.MarkdownOption) {
}
if len(form.Text) == 0 {
- c.Write([]byte(""))
+ _, _ = c.Write([]byte(""))
return
}
+ var md []byte
switch form.Mode {
case "gfm":
- c.Write(markup.Markdown([]byte(form.Text), form.Context, nil))
+ md = markup.Markdown([]byte(form.Text), form.Context, nil)
default:
- c.Write(markup.RawMarkdown([]byte(form.Text), ""))
+ md = markup.SanitizeBytes(markup.RawMarkdown([]byte(form.Text), ""))
}
+ _, _ = c.Write(md)
}
func MarkdownRaw(c *context.APIContext) {
@@ -38,5 +40,5 @@ func MarkdownRaw(c *context.APIContext) {
c.Error(http.StatusUnprocessableEntity, "", err)
return
}
- c.Write(markup.RawMarkdown(body, ""))
+ _, _ = c.Write(markup.SanitizeBytes(markup.RawMarkdown(body, "")))
}
Powered by cgit, Themed by Ted Yin.