shaba/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2024-12-26 03:21:33 +03:00
Code Issues Projects Releases Wiki Activity
04196b7658
gitea/modules/markup/sanitizer.go

144 lines
5.1 KiB
Go
Raw Normal View History

Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
// Copyright 2017 The Gitea Authors. All rights reserved.
// Copyright 2017 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
Restructure markup & markdown to prepare for multiple markup language… (#2411) * restructure markup & markdown to prepare for multiple markup languages support * adjust some functions between markdown and markup * fix tests * improve the comments
2017-09-16 20:17:57 +03:00
package markup
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
import (
Change markdown rendering from blackfriday to goldmark (#9533) * Move to goldmark Markdown rendering moved from blackfriday to the goldmark. Multiple subtle changes required to the goldmark extensions to keep current rendering and defaults. Can go further with goldmark linkify and have this work within markdown rendering making the link processor unnecessary. Need to think about how to go about allowing extensions - at present it seems that these would be hard to do without recompilation. * linter fixes Co-authored-by: Lauris BH <lauris@nix.lv>
2019-12-31 04:53:28 +03:00
"bytes"
"io"
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
"regexp"
"sync"
"code.gitea.io/gitea/modules/setting"
"github.com/microcosm-cc/bluemonday"
)
// Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow
// any modification to the underlying policies once it's been created.
type Sanitizer struct {
policy *bluemonday.Policy
init sync.Once
}
var sanitizer = &Sanitizer{}
// NewSanitizer initializes sanitizer with allowed attributes based on settings.
// Multiple calls to this function will only create one instance of Sanitizer during
// entire application lifecycle.
func NewSanitizer() {
sanitizer.init.Do(func() {
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
2019-10-15 04:31:09 +03:00
ReplaceSanitizer()
})
}
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
2019-10-15 04:31:09 +03:00
// ReplaceSanitizer replaces the current sanitizer to account for changes in settings
func ReplaceSanitizer() {
sanitizer.policy = bluemonday.UGCPolicy()
Server-side syntax highlighting for all code (#12047) * Server-side syntax hilighting for all code This PR does a few things: * Remove all traces of highlight.js * Use chroma library to provide fast syntax hilighting directly on the server * Provide syntax hilighting for diffs * Re-style both unified and split diffs views * Add custom syntax hilighting styling for both regular and arc-green Fixes #7729 Fixes #10157 Fixes #11825 Fixes #7728 Fixes #3872 Fixes #3682 And perhaps gets closer to #9553 * fix line marker * fix repo search * Fix single line select * properly load settings * npm uninstall highlight.js * review suggestion * code review * forgot to call function * fix test * Apply suggestions from code review suggestions from @silverwind thanks Co-authored-by: silverwind <me@silverwind.io> * code review * copy/paste error * Use const for highlight size limit * Update web_src/less/_repository.less Co-authored-by: Lauris BH <lauris@nix.lv> * update size limit to 1MB and other styling tweaks * fix highlighting for certain diff sections * fix test * add worker back as suggested Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-07-01 00:34:03 +03:00
// For Chroma markdown plugin
Add loading spinners and mermaid error handling (#12358) - Add loading spinners on editor and mermaid renderers - Add error handling and inline error box for mermaid - Fix Mermaid rendering by using the .init api
2020-08-04 22:56:37 +03:00
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^is-loading$`)).OnElements("pre")
Server-side syntax highlighting for all code (#12047) * Server-side syntax hilighting for all code This PR does a few things: * Remove all traces of highlight.js * Use chroma library to provide fast syntax hilighting directly on the server * Provide syntax hilighting for diffs * Re-style both unified and split diffs views * Add custom syntax hilighting styling for both regular and arc-green Fixes #7729 Fixes #10157 Fixes #11825 Fixes #7728 Fixes #3872 Fixes #3682 And perhaps gets closer to #9553 * fix line marker * fix repo search * Fix single line select * properly load settings * npm uninstall highlight.js * review suggestion * code review * forgot to call function * fix test * Apply suggestions from code review suggestions from @silverwind thanks Co-authored-by: silverwind <me@silverwind.io> * code review * copy/paste error * Use const for highlight size limit * Update web_src/less/_repository.less Co-authored-by: Lauris BH <lauris@nix.lv> * update size limit to 1MB and other styling tweaks * fix highlighting for certain diff sections * fix test * add worker back as suggested Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-07-01 00:34:03 +03:00
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^(chroma )?language-[\w-]+$`)).OnElements("code")
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
2019-10-15 04:31:09 +03:00
// Checkboxes
sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
Markdown task list improvements (#13952) * Markdown task list improvements - Remove `.ui` class and wrappers to prevent fomantic from messing with it. - Change rendered HTML to match GitHub. - Add custom styling for the checkboxes. * fix unittest Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-13 04:05:50 +03:00
sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input")
Rewrite reference processing code in preparation for opening/closing from comment references (#8261) * Add a markdown stripper for mentions and xrefs * Improve comments * Small code simplification * Move reference code to modules/references * Fix typo * Make MarkdownStripper return [][]byte * Implement preliminary keywords parsing * Add FIXME comment * Fix comment * make fmt * Fix permissions check * Fix text assumptions * Fix imports * Fix lint, fmt * Fix unused import * Add missing export comment * Bypass revive on implemented interface * Move mdstripper into its own package * Support alphanumeric patterns * Refactor FindAllMentions * Move mentions test to references * Parse mentions from reference package * Refactor code to implement renderizable references * Fix typo * Move patterns and tests to the references package * Fix nil reference * Preliminary rendering attempt of closing keywords * Normalize names, comments, general tidy-up * Add CSS style for action keywords * Fix permission for admin and owner * Fix golangci-lint * Fix golangci-lint
2019-10-14 01:29:10 +03:00
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
2019-10-15 04:31:09 +03:00
// Custom URL-Schemes
Update to bluemonday-1.0.6 (#15294) Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-06 00:38:31 +03:00
if len(setting.Markdown.CustomURLSchemes) > 0 {
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
}
Support inline rendering of CUSTOM_URL_SCHEMES (#8496) * Support inline rendering of CUSTOM_URL_SCHEMES * Fix lint * Add tests * Fix lint
2019-10-15 04:31:09 +03:00
// Allow keyword markup
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^` + keywordClass + `$`)).OnElements("span")
Allow kbd tags (#9245) * Allow kbd tags Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add test Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-12-03 22:02:41 +03:00
Issue/PR Context Popups (#9822) * Add data-index attribute to issue anchors Signed-off-by: jolheiser <john.olheiser@gmail.com> * Init JS Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add required data to anchor Signed-off-by: jolheiser <john.olheiser@gmail.com> * Finish popup Signed-off-by: jolheiser <john.olheiser@gmail.com> * Revert changes to html.go Signed-off-by: jolheiser <john.olheiser@gmail.com> * Better octicon contexts Signed-off-by: jolheiser <john.olheiser@gmail.com> * Split out popup function for re-use Signed-off-by: jolheiser <john.olheiser@gmail.com> * Style changes, test fixes, and cross-reference support Signed-off-by: jolheiser <john.olheiser@gmail.com> * Prefer em to px Signed-off-by: jolheiser <john.olheiser@gmail.com> * Move label margin to base CSS Signed-off-by: jolheiser <john.olheiser@gmail.com> * Move JS to separate file. Signed-off-by: jolheiser <john.olheiser@gmail.com> * Move JS to features and fix module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Remove query-string and hash Co-Authored-By: silverwind <me@silverwind.io> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
2020-01-20 07:39:21 +03:00
// Allow classes for anchors
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`ref-issue`)).OnElements("a")
Fix task-list checkbox styling (#10668) * Fix task-list checkbox styling The pandoc renderer will append the class "task-list" to the ul element wrapping a li with one or more check-boxes. This allows us to select for them, removing their list-style-type property. However, goldmark and the gfm spec doesn't specify the "task-list" class name, so we can't use that to fix the issue there. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Update to goldmark v1.1.25 This version adds the missing space after a checkbox. Resolves: #9656 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
2020-03-08 22:17:03 +03:00
// Allow classes for task lists
Prevent 500 with badly formed task list (#11328) Fix #11317 Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-05-11 02:14:49 +03:00
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`task-list-item`)).OnElements("li")
Fix task-list checkbox styling (#10668) * Fix task-list checkbox styling The pandoc renderer will append the class "task-list" to the ul element wrapping a li with one or more check-boxes. This allows us to select for them, removing their list-style-type property. However, goldmark and the gfm spec doesn't specify the "task-list" class name, so we can't use that to fix the issue there. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Update to goldmark v1.1.25 This version adds the missing space after a checkbox. Resolves: #9656 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
2020-03-08 22:17:03 +03:00
Use markdown frontmatter to provide Table of contents, language and frontmatter rendering (#11047) * Add control for the rendering of the frontmatter * Add control to include a TOC * Add control to set language - allows control of ToC header and CJK glyph choice. Signed-off-by: Andrew Thornton art27@cantab.net
2020-04-24 16:22:36 +03:00
// Allow icons
Make TaskCheckBox render correctly (#11214) * Fix checkbox rendering Signed-off-by: Andrew Thornton <art27@cantab.net> * Normalize checkbox rendering Signed-off-by: Andrew Thornton <art27@cantab.net> * set the checkboxes to readonly instead of disabled Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-26 08:09:08 +03:00
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^icon(\s+[\p{L}\p{N}_-]+)+$`)).OnElements("i")
// Allow unlabelled labels
sanitizer.policy.AllowNoAttrs().OnElements("label")
Use markdown frontmatter to provide Table of contents, language and frontmatter rendering (#11047) * Add control for the rendering of the frontmatter * Add control to include a TOC * Add control to set language - allows control of ToC header and CJK glyph choice. Signed-off-by: Andrew Thornton art27@cantab.net
2020-04-24 16:22:36 +03:00
Support unicode emojis and remove emojify.js (#11032) * Support unicode emojis and remove emojify.js This PR replaces all use of emojify.js and adds unicode emoji support to various areas of gitea. This works in a few ways: First it adds emoji parsing support into gitea itself. This allows us to * Render emojis from valid alias (:smile:) * Detect unicode emojis and let us put them in their own class with proper aria-labels and styling * Easily allow for custom "emoji" * Support all emoji rendering and features without javascript * Uses plain unicode and lets the system render in appropriate emoji font * Doesn't leave us relying on external sources for updates/fixes/features That same list of emoji is also used to create a json file which replaces the part of emojify.js that populates the emoji search tribute. This file is about 35KB with GZIP turned on and I've set it to load after the page renders to not hinder page load time (and this removes loading emojify.js also) For custom "emoji" it uses a pretty simple scheme of just looking for /emojis/img/name.png where name is something a user has put in the "allowed reactions" setting we already have. The gitea reaction that was previously hard coded into a forked copy of emojify.js is included and works as a custom reaction under this method. The emoji data sourced here is from https://github.com/github/gemoji which is the gem library Github uses for their emoji rendering (and a data source for other sites). So we should be able to easily render any emoji and :alias: that Github can, removing any errors from migrated content. They also update it as well, so we can sync when there are new unicode emoji lists released. I've included a slimmed down and slightly modified forked copy of https://github.com/knq/emoji to make up our own emoji module. The code is pretty straight forward and again allows us to have a lot of flexibility in what happens. I had seen a few comments about performance in some of the other threads if we render this ourselves, but there doesn't seem to be any issue here. In a test it can parse, convert, and render 1,000 emojis inside of a large markdown table in about 100ms on my laptop (which is many more emojis than will ever be in any normal issue). This also prevents any flickering and other weirdness from using javascript to render some things while using go for others. Not included here are image fall back URLS. I don't really think they are necessary for anything new being written in 2020. However, managing the emoji ourselves would allow us to add these as a feature later on if it seems necessary. Fixes: https://github.com/go-gitea/gitea/issues/9182 Fixes: https://github.com/go-gitea/gitea/issues/8974 Fixes: https://github.com/go-gitea/gitea/issues/8953 Fixes: https://github.com/go-gitea/gitea/issues/6628 Fixes: https://github.com/go-gitea/gitea/issues/5130 * add new shared function emojiHTML * don't increase emoji size in issue title * Update templates/repo/issue/view_content/add_reaction.tmpl Co-Authored-By: 6543 <6543@obermui.de> * Support for emoji rendering in various templates * Render code and review comments as they should be * Better way to handle mail subjects * insert unicode from tribute selection * Add template helper for plain text when needed * Use existing replace function I forgot about * Don't include emoji greater than Unicode Version 12 Only include emoji and aliases in JSON * Update build/generate-emoji.go * Tweak regex slightly to really match everything including random invisible characters. Run tests for every emoji we have * final updates * code review * code review * hard code gitea custom emoji to match previous behavior * Update .eslintrc Co-Authored-By: silverwind <me@silverwind.io> * disable preempt Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-28 21:05:39 +03:00
// Allow classes for emojis
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`emoji`)).OnElements("img")
Markdown task list improvements (#13952) * Markdown task list improvements - Remove `.ui` class and wrappers to prevent fomantic from messing with it. - Change rendered HTML to match GitHub. - Add custom styling for the checkboxes. * fix unittest Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-13 04:05:50 +03:00
// Allow icons, emojis, and chroma syntax on span
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji))$|^([a-z][a-z0-9]{0,2})$`)).OnElements("span")
Restore checkbox rendering and prevent poor sanitization of spans (#11277) * Add test Signed-off-by: Andrew Thornton <art27@cantab.net> * Restore checkbox rendering and prevent poor sanitization of spans Signed-off-by: Andrew Thornton <art27@cantab.net> * Also fix preview context Signed-off-by: Andrew Thornton <art27@cantab.net> * Also fix preview context Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-05-03 23:17:24 +03:00
Add Tabular Diff for CSV files (#14661) Implements request #14320 The rendering of CSV files does match the diff style. * Moved CSV logic into base package. * Added method to create a tabular diff. * Added CSV compare context. * Added CSV diff template. * Use new table style in CSV markup. * Added file size limit for CSV rendering. * Display CSV parser errors in diff. * Lazy read single file. * Lazy read rows for full diff. * Added unit tests for various CSV changes.
2021-03-29 23:44:28 +03:00
// Allow data tables
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`data-table`)).OnElements("table")
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`line-num`)).OnElements("th", "td")
Relax sanitization as per https://github.com/jch/html-pipeline (#10527) Looking at github/markup#245 it is clear that GH uses https://github.com/jch/html-pipeline to sanitize. This PR relaxes our sanitization to more closely match this. Fixes #10471 and likely others...
2020-02-28 23:05:12 +03:00
// Allow generally safe attributes
generalSafeAttrs := []string{"abbr", "accept", "accept-charset",
"accesskey", "action", "align", "alt",
"aria-describedby", "aria-hidden", "aria-label", "aria-labelledby",
"axis", "border", "cellpadding", "cellspacing", "char",
"charoff", "charset", "checked",
"clear", "cols", "colspan", "color",
"compact", "coords", "datetime", "dir",
"disabled", "enctype", "for", "frame",
"headers", "height", "hreflang",
"hspace", "ismap", "label", "lang",
"maxlength", "media", "method",
"multiple", "name", "nohref", "noshade",
"nowrap", "open", "prompt", "readonly", "rel", "rev",
"rows", "rowspan", "rules", "scope",
"selected", "shape", "size", "span",
"start", "summary", "tabindex", "target",
"title", "type", "usemap", "valign", "value",
"vspace", "width", "itemprop",
}
generalSafeElements := []string{
"h1", "h2", "h3", "h4", "h5", "h6", "h7", "h8", "br", "b", "i", "strong", "em", "a", "pre", "code", "img", "tt",
"div", "ins", "del", "sup", "sub", "p", "ol", "ul", "table", "thead", "tbody", "tfoot", "blockquote",
"dl", "dt", "dd", "kbd", "q", "samp", "var", "hr", "ruby", "rt", "rp", "li", "tr", "td", "th", "s", "strike", "summary",
"details", "caption", "figure", "figcaption",
"abbr", "bdo", "cite", "dfn", "mark", "small", "span", "time", "wbr",
}
sanitizer.policy.AllowAttrs(generalSafeAttrs...).OnElements(generalSafeElements...)
sanitizer.policy.AllowAttrs("itemscope", "itemtype").OnElements("div")
// FIXME: Need to handle longdesc in img but there is no easy way to do it
Markdown: Sanitizier Configuration (#9075) * Support custom sanitization policy Allowing the gitea administrator to configure sanitization policy allows them to couple external renders and custom templates to support more markup. In particular, the `pandoc` renderer allows generating KaTeX annotations, wrapping them in `<span>` elements with class `math` and either `inline` or `display` (depending on whether or not inline or block mode was requested). This iteration gives the administrator whitelisting powers; carefully crafted regexes will thus let through only the desired attributes necessary to support their custom markup. Resolves: #9054 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Document new sanitization configuration - Adds basic documentation to app.ini.sample, - Adds an example to the Configuration Cheat Sheet, and - Adds extended information to External Renderers section. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Drop extraneous length check in newMarkupSanitizer(...) Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Fix plural ELEMENT and ALLOW_ATTR in docs These were left over from their initial names. Make them singular to conform with the current expectations. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2019-12-07 22:49:04 +03:00
// Custom keyword markup
for _, rule := range setting.ExternalSanitizerRules {
if rule.Regexp != nil {
sanitizer.policy.AllowAttrs(rule.AllowAttr).Matching(rule.Regexp).OnElements(rule.Element)
} else {
sanitizer.policy.AllowAttrs(rule.AllowAttr).OnElements(rule.Element)
}
}
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
}
// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist.
func Sanitize(s string) string {
fix #1501 ssh hangs caused by #1461 (#1513)
2017-04-19 14:16:36 +03:00
NewSanitizer()
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
return sanitizer.policy.Sanitize(s)
}
Change markdown rendering from blackfriday to goldmark (#9533) * Move to goldmark Markdown rendering moved from blackfriday to the goldmark. Multiple subtle changes required to the goldmark extensions to keep current rendering and defaults. Can go further with goldmark linkify and have this work within markdown rendering making the link processor unnecessary. Need to think about how to go about allowing extensions - at present it seems that these would be hard to do without recompilation. * linter fixes Co-authored-by: Lauris BH <lauris@nix.lv>
2019-12-31 04:53:28 +03:00
// SanitizeReader sanitizes a Reader
func SanitizeReader(r io.Reader) *bytes.Buffer {
NewSanitizer()
return sanitizer.policy.SanitizeReader(r)
}
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
// SanitizeBytes takes a []byte slice that contains a HTML fragment or document and applies policy whitelist.
func SanitizeBytes(b []byte) []byte {
if len(b) == 0 {
// nothing to sanitize
return b
}
fix #1501 ssh hangs caused by #1461 (#1513)
2017-04-19 14:16:36 +03:00
NewSanitizer()
Sanitation fix from Gogs (#1461) * Santiation fix from Gogs * Linting * Fix build-errors * still not working * Fix all the things! * gofmt * Add code-injection checks
2017-04-13 05:52:24 +03:00
return sanitizer.policy.SanitizeBytes(b)
}
Reference in New Issue Copy Permalink