fix #828, may cause unintentional break in other features, but security is no.1
This commit is contained in:
parent
0e286a0ca9
commit
8e384ce46c
7 changed files with 13 additions and 10 deletions
@ -23,10 +23,10 @@ github.com/macaron-contrib/oauth2 = commit:8f394c3629
github.com/macaron-contrib/session =
github.com/macaron-contrib/session =
github.com/macaron-contrib/toolbox = commit:57127bcc89
github.com/macaron-contrib/toolbox = commit:57127bcc89
github.com/mattn/go-sqlite3 = commit:a80c27ba33
github.com/mattn/go-sqlite3 = commit:a80c27ba33
github.com/microcosm-cc/bluemonday =
github.com/nfnt/resize = commit:8f44931448
github.com/nfnt/resize = commit:8f44931448
github.com/russross/blackfriday = commit:05b8cefd6a
github.com/russross/blackfriday = commit:05b8cefd6a
github.com/shurcooL/go = commit:48293cbc7a
github.com/shurcooL/go = commit:48293cbc7a
github.com/saintfish/chardet = commit:3af4cd4741
gopkg.in/ini.v1 = commit:28ad8c408b
gopkg.in/ini.v1 = commit:28ad8c408b
gopkg.in/redis.v2 = commit:e617904962
gopkg.in/redis.v2 = commit:e617904962
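Review bot: The new `github.com/microcosm-cc/bluemonday =` entry carries no `commit:` pin, unlike neighbouring entries such as `github.com/nfnt/resize = commit:8f44931448`, so the sanitizer this fix depends on resolves to whatever the upstream default branch holds at build time. Because the templates now rely on this library's escaping behaviour, the revision should be fixed to a reviewed one, e.g. `github.com/microcosm-cc/bluemonday = commit:<REVIEWED_COMMIT>` (placeholder for the hash actually vetted). The `github.com/macaron-contrib/session =` line shows the same gap on both sides, though that predates this commit.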
2
gogs.go
2
gogs.go
@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting"
"github.com/gogits/gogs/modules/setting"
)
)
const APP_VER = "0.5.11.0103 Beta"
const APP_VER = "0.5.12.0120 Beta"
func init() {
func init() {
runtime.GOMAXPROCS(runtime.NumCPU())
runtime.GOMAXPROCS(runtime.NumCPU())
@ -13,15 +13,19 @@ import (
"strings"
"strings"
"time"
"time"
"github.com/microcosm-cc/bluemonday"
"golang.org/x/net/html/charset"
"golang.org/x/net/html/charset"
"golang.org/x/text/transform"
"golang.org/x/text/transform"
"github.com/gogits/gogs/modules/setting"
"github.com/gogits/chardet"
"github.com/gogits/chardet"
"github.com/gogits/gogs/modules/setting"
)
)
// FIXME: use me to Markdown API renders
var p = bluemonday.UGCPolicy()
func Str2html(raw string) template.HTML {
func Str2html(raw string) template.HTML {
return template.HTML(raw)
return template.HTML(p.Sanitize(raw))
}
}
func Range(l int) []int {
func Range(l int) []int {
@ -113,7 +117,6 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{
return fmt.Sprint(time.Since(startTime).Nanoseconds()/1e6) + "ms"
return fmt.Sprint(time.Since(startTime).Nanoseconds()/1e6) + "ms"
},
},
"AvatarLink": AvatarLink,
"AvatarLink": AvatarLink,
"str2html": Str2html, // TODO: Legacy
"Str2html": Str2html,
"Str2html": Str2html,
"TimeSince": TimeSince,
"TimeSince": TimeSince,
"FileSize": FileSize,
"FileSize": FileSize,
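Review bot: Dropping the `"str2html": Str2html, // TODO: Legacy` entry from TemplateFuncs in the second hunk turns every template that still calls `str2html` into a parse-time failure rather than a runtime one, since html/template rejects undefined function names when the template set is loaded; this commit renames the calls in four templates, but any template outside it keeping the old name would make the whole set fail to load, so a grep for `str2html` over the templates directory should accompany the change. In the first hunk, the sanitizer policy is held in a package-level variable named `p` with only `// FIXME: use me to Markdown API renders` above it; a descriptive name and a doc comment would make the security contract visible, e.g. `// ugcPolicy is the bluemonday user-generated-content policy applied to all HTML before it is marked safe for templates.` followed by `var ugcPolicy = bluemonday.UGCPolicy()` and `return template.HTML(ugcPolicy.Sanitize(raw))`. Str2html itself also deserves a doc comment stating that it sanitizes rather than trusts its input, `// Str2html sanitizes raw with the UGC policy and returns it as template.HTML; callers must not bypass it for user-supplied content.` The surrounding file continues outside both hunks.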
@ -1 +1 @@
0.5.11.0103 Beta
0.5.12.0120 Beta
@ -32,7 +32,7 @@
<a href="{{$.RepoLink}}/issues?milestone={{.Index}}{{if .IsClosed}}&state=closed{{end}}">Issues</a>
<a href="{{$.RepoLink}}/issues?milestone={{.Index}}{{if .IsClosed}}&state=closed{{end}}">Issues</a>
</p>
</p>
<hr/>
<hr/>
<p class="description">{{.RenderedContent | str2html}}</p>
<p class="description">{{.RenderedContent | Str2html}}</p>
</div>
</div>
{{end}}
{{end}}
</div>
</div>
@ -25,7 +25,7 @@
<div class="panel panel-default issue-content">
<div class="panel panel-default issue-content">
<div class="panel-body">
<div class="panel-body">
<div class="content markdown">
<div class="content markdown">
{{str2html .Issue.RenderedContent}}
{{Str2html .Issue.RenderedContent}}
</div>
</div>
<div class="issue-edit-content hidden">
<div class="issue-edit-content hidden">
<div class="form-group">
<div class="form-group">
@ -73,7 +73,7 @@
</div>
</div>
<div class="panel-body markdown">
<div class="panel-body markdown">
{{if len .Content}}
{{if len .Content}}
{{str2html .Content}}
{{Str2html .Content}}
{{else}}
{{else}}
<i>No comment entered</i>
<i>No comment entered</i>
{{end}}
{{end}}
@ -39,7 +39,7 @@
<span class="ahead">{{$.i18n.Tr "repo.release.ahead" .NumCommitsBehind .Target | Str2html}}</span>
<span class="ahead">{{$.i18n.Tr "repo.release.ahead" .NumCommitsBehind .Target | Str2html}}</span>
</p>
</p>
<div class="markdown desc">
<div class="markdown desc">
{{str2html .Note}}
{{Str2html .Note}}
</div>
</div>
<p class="download">
<p class="download">
<a class="btn btn-gray btn-large btn-radius" href="{{$.RepoLink}}/archive/{{.TagName}}.zip" rel="nofollow"><i class="fa fa-download"></i> {{$.i18n.Tr "repo.release.source_code"}} (ZIP)</a>
<a class="btn btn-gray btn-large btn-radius" href="{{$.RepoLink}}/archive/{{.TagName}}.zip" rel="nofollow"><i class="fa fa-download"></i> {{$.i18n.Tr "repo.release.source_code"}} (ZIP)</a>