|
|
|
@@ -9,7 +9,6 @@ import ( |
|
|
|
"regexp" |
|
|
|
"sync" |
|
|
|
|
|
|
|
"code.gitea.io/gitea/modules/log" |
|
|
|
"code.gitea.io/gitea/modules/setting" |
|
|
|
|
|
|
|
"github.com/microcosm-cc/bluemonday" |
|
|
|
@@ -28,7 +27,6 @@ var sanitizer = &Sanitizer{} |
|
|
|
// Multiple calls to this function will only create one instance of Sanitizer during |
|
|
|
// entire application lifecycle. |
|
|
|
func NewSanitizer() { |
|
|
|
log.Trace("Markdown: sanitizer initialization requested") |
|
|
|
sanitizer.init.Do(func() { |
|
|
|
sanitizer.policy = bluemonday.UGCPolicy() |
|
|
|
// We only want to allow HighlightJS specific classes for code blocks |
|
|
|
@@ -40,16 +38,12 @@ func NewSanitizer() { |
|
|
|
|
|
|
|
// Custom URL-Schemes |
|
|
|
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) |
|
|
|
|
|
|
|
log.Trace("Markdown: sanitizer initialized") |
|
|
|
}) |
|
|
|
} |
|
|
|
|
|
|
|
// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist. |
|
|
|
func Sanitize(s string) string { |
|
|
|
if sanitizer.policy == nil { |
|
|
|
NewSanitizer() |
|
|
|
} |
|
|
|
NewSanitizer() |
|
|
|
return sanitizer.policy.Sanitize(s) |
|
|
|
} |
|
|
|
|
|
|
|
@@ -59,8 +53,6 @@ func SanitizeBytes(b []byte) []byte { |
|
|
|
// nothing to sanitize |
|
|
|
return b |
|
|
|
} |
|
|
|
if sanitizer.policy == nil { |
|
|
|
NewSanitizer() |
|
|
|
} |
|
|
|
NewSanitizer() |
|
|
|
return sanitizer.policy.SanitizeBytes(b) |
|
|
|
} |
Lunny Xiao
GitHub
8 years ago