Diffstat (limited to 'internal/app/api.go')
-rw-r--r--internal/app/api.go36
1 files changed, 36 insertions, 0 deletions
diff --git a/internal/app/api.go b/internal/app/api.go
new file mode 100644
index 00000000..c64e946e
--- /dev/null
+++ b/internal/app/api.go
@@ -0,0 +1,36 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package app
+
+import (
+ "net/http"
+
+ "github.com/microcosm-cc/bluemonday"
+ "gopkg.in/macaron.v1"
+
+ "gogs.io/gogs/internal/context"
+)
+
+func ipynbSanitizer() *bluemonday.Policy {
+ p := bluemonday.UGCPolicy()
+ p.AllowAttrs("class", "data-prompt-number").OnElements("div")
+ p.AllowAttrs("class").OnElements("img")
+ p.AllowURLSchemes("data")
+ return p
+}
+
+func SanitizeIpynb() macaron.Handler {
+ p := ipynbSanitizer()
+
+ return func(c *context.Context) {
+ html, err := c.Req.Body().String()
+ if err != nil {
+ c.Error(err, "read body")
+ return
+ }
+
+ c.PlainText(http.StatusOK, p.Sanitize(html))
+ }
+}
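Review bot: In `ipynbSanitizer`, `p.AllowURLSchemes("data")` is a policy-wide setting and is not scoped to `img`, so `data:` URLs of any media type also pass on every other URL attribute that `UGCPolicy()` allows, including `href` on `a`. If the notebook output only needs inline images, replace that line with `p.AllowDataURIImages()`, which limits `data:` to base64 image payloads. Separately, the handler in `SanitizeIpynb` reads the whole request with `c.Req.Body().String()` and no size cap is visible in this file, so unless a limit is enforced upstream the body should be bounded before it is read. The exported `SanitizeIpynb` would also benefit from a doc comment such as `// SanitizeIpynb returns a handler that sanitizes the HTML in the request body and writes the result as plain text.`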