	modules/base: clean code with #838
		| @ -212,7 +212,7 @@ func RenderRawMarkdown(body []byte, urlPrefix string) []byte { | ||||
| func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte { | ||||
| 	body := RenderSpecialLink(rawBytes, urlPrefix) | ||||
| 	body = RenderRawMarkdown(body, urlPrefix) | ||||
| 	body = XSS(body) | ||||
| 	body = Sanitizer.SanitizeBytes(body) | ||||
| 	return body | ||||
| } | ||||
|  | ||||
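Review bot: RenderMarkdown has no doc comment, and after this change the `Sanitizer.SanitizeBytes(body)` call just before `return body` is the only step that makes the rendered HTML safe to embed. State that contract on the function, for example `// RenderMarkdown renders Markdown to HTML and passes the result through Sanitizer before returning it.` RenderRawMarkdown, visible only in the hunk header, is exported and feeds this function before the sanitizing step, so its output is presumably unsanitized; its body and callers are outside this hunk and should be checked to confirm none of them writes that output to a page directly.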
|  | ||||
| @ -13,7 +13,6 @@ import ( | ||||
| 	"strings" | ||||
| 	"time" | ||||
|  | ||||
| 	"github.com/microcosm-cc/bluemonday" | ||||
| 	"golang.org/x/net/html/charset" | ||||
| 	"golang.org/x/text/transform" | ||||
|  | ||||
| @ -21,11 +20,8 @@ import ( | ||||
| 	"github.com/gogits/gogs/modules/setting" | ||||
| ) | ||||
|  | ||||
| // FIXME: use me to Markdown API renders | ||||
| var p = bluemonday.UGCPolicy() | ||||
|  | ||||
| func Str2html(raw string) template.HTML { | ||||
| 	return template.HTML(p.Sanitize(raw)) | ||||
| 	return template.HTML(Sanitizer.Sanitize(raw)) | ||||
| } | ||||
|  | ||||
| func Range(l int) []int { | ||||
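Review bot: Str2html is still undocumented, and it returns `template.HTML`, which html/template emits without escaping, so the `Sanitizer.Sanitize(raw)` call is the only barrier for any string a template passes in. A doc comment should say so, for example `// Str2html sanitizes raw with the shared Sanitizer policy and returns it as template.HTML, which templates output without further escaping.` The helper now depends on a variable declared in another file of the package, so the comment is also the place to point readers at that policy.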
|  | ||||
| @ -15,17 +15,19 @@ import ( | ||||
| 	"hash" | ||||
| 	"html/template" | ||||
| 	"math" | ||||
| 	"regexp" | ||||
| 	"strings" | ||||
| 	"time" | ||||
|  | ||||
| 	"github.com/Unknwon/com" | ||||
| 	"github.com/Unknwon/i18n" | ||||
| 	"github.com/microcosm-cc/bluemonday" | ||||
|  | ||||
| 	"github.com/gogits/gogs/modules/avatar" | ||||
| 	"github.com/gogits/gogs/modules/setting" | ||||
| ) | ||||
|  | ||||
| var Sanitizer = bluemonday.UGCPolicy() | ||||
|  | ||||
| // Encode string to md5 hex value. | ||||
| func EncodeMd5(str string) string { | ||||
| 	m := md5.New() | ||||
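Review bot: `var Sanitizer = bluemonday.UGCPolicy()` adds an exported, mutable package variable with no doc comment, and both RenderMarkdown and Str2html now rely on it. A bluemonday policy is configured through mutating methods such as `AllowAttrs`, so any importing package can widen the allowlist or reassign the variable, and that silently changes sanitization for every caller. Consider keeping the policy unexported behind small wrapper functions. At minimum, document the invariant: `// Sanitizer is the shared sanitization policy for user-generated content; it must not be modified after package initialization.`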
| @ -473,29 +475,3 @@ func DateFormat(t time.Time, format string) string { | ||||
| 	format = replacer.Replace(format) | ||||
| 	return t.Format(format) | ||||
| } | ||||
|  | ||||
| type xssFilter struct { | ||||
| 	reg  *regexp.Regexp | ||||
| 	repl []byte | ||||
| } | ||||
|  | ||||
| var ( | ||||
| 	whiteSpace = []byte(" ") | ||||
| 	xssFilters = []xssFilter{ | ||||
| 		{regexp.MustCompile(`\ [ONon]\w*=["]*`), whiteSpace}, | ||||
| 		{regexp.MustCompile(`<[SCRIPTscript]{6}`), whiteSpace}, | ||||
| 		{regexp.MustCompile(`=[` + "`" + `'"]*[JAVASCRIPTjavascript \t\0
]*:`), whiteSpace}, | ||||
| 	} | ||||
| ) | ||||
|  | ||||
| // XSS goes through all the XSS filters to make user input content as safe as possible. | ||||
| func XSS(in []byte) []byte { | ||||
| 	for _, filter := range xssFilters { | ||||
| 		in = filter.reg.ReplaceAll(in, filter.repl) | ||||
| 	} | ||||
| 	return in | ||||
| } | ||||
|  | ||||
| func XSSString(in string) string { | ||||
| 	return string(XSS([]byte(in))) | ||||
| } | ||||
|  | ||||
	 Unknwon
					Unknwon