From 5e6c3b9d0e9a06764079bc07c0419b1ebf9183eb Mon Sep 17 00:00:00 2001
From: ᴜɴᴋɴᴡᴏɴ
Date: Mon, 27 Jan 2020 00:18:46 +0800
Subject: api: sanitize raw markdown content (#5907)

Fixed a security issue reported by bluebird.
---
 internal/markup/markdown.go | 3 +--
 internal/markup/markup.go   | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'internal/markup')

diff --git a/internal/markup/markdown.go b/internal/markup/markdown.go
index db581a71..a5380028 100644
--- a/internal/markup/markdown.go
+++ b/internal/markup/markdown.go
@@ -157,8 +157,7 @@ func RawMarkdown(body []byte, urlPrefix string) []byte {
 		extensions |= blackfriday.EXTENSION_HARD_LINE_BREAK
 	}
 
-	body = blackfriday.Markdown(body, renderer, extensions)
-	return body
+	return blackfriday.Markdown(body, renderer, extensions)
 }
 
 // Markdown takes a string or []byte and renders to HTML in Markdown syntax with special links.
diff --git a/internal/markup/markup.go b/internal/markup/markup.go
index e09a0ba6..1a22daae 100644
--- a/internal/markup/markup.go
+++ b/internal/markup/markup.go
@@ -334,7 +334,7 @@ func Detect(filename string) Type {
 	}
 }
 
-// Render takes a string or []byte and renders to HTML in given type of syntax with special links.
+// Render takes a string or []byte and renders to sanitized HTML in given type of syntax with special links.
 func Render(typ Type, input interface{}, urlPrefix string, metas map[string]string) []byte {
 	var rawBytes []byte
 	switch v := input.(type) {
-- 
cgit v1.2.3
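Review bot: RawMarkdown still hands back the blackfriday output with no sanitizing step, as the new `return blackfriday.Markdown(body, renderer, extensions)` line shows, while the markup.go hunk now documents Render as returning sanitized HTML; that asymmetry belongs on RawMarkdown's own doc comment (above this hunk) so no caller mistakes it for safe-to-serve output, e.g. `// RawMarkdown renders body to HTML without sanitizing it; the caller must sanitize the result before serving it.` The subject line says the API path was fixed, but this patch is limited to internal/markup, so the call site that applies the sanitizer is not visible here and I am assuming it exists in the API handler. The same point applies to the Render hunk in markup.go, where the word "sanitized" would be easier to verify if the comment named the sanitizing step it relies on. RawMarkdown's body starts outside the hunk, and Render's body continues past it.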