2017-04-13 05:52:24 +03:00
// Copyright 2017 The Gitea Authors. All rights reserved.
// Copyright 2017 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2017-09-16 20:17:57 +03:00
package markup
2017-04-13 05:52:24 +03:00
import (
2019-12-31 04:53:28 +03:00
"io"
2017-04-13 05:52:24 +03:00
"regexp"
"sync"
"code.gitea.io/gitea/modules/setting"
"github.com/microcosm-cc/bluemonday"
)
// Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow
// any modification to the underlying policies once it's been created.
type Sanitizer struct {
2021-06-24 00:09:51 +03:00
defaultPolicy * bluemonday . Policy
rendererPolicies map [ string ] * bluemonday . Policy
init sync . Once
2017-04-13 05:52:24 +03:00
}
var sanitizer = & Sanitizer { }
// NewSanitizer initializes sanitizer with allowed attributes based on settings.
// Multiple calls to this function will only create one instance of Sanitizer during
// entire application lifecycle.
func NewSanitizer ( ) {
sanitizer . init . Do ( func ( ) {
2021-06-24 00:09:51 +03:00
InitializeSanitizer ( )
2019-10-15 04:31:09 +03:00
} )
}
2017-04-13 05:52:24 +03:00
2021-06-24 00:09:51 +03:00
// InitializeSanitizer (re)initializes the current sanitizer to account for changes in settings
func InitializeSanitizer ( ) {
sanitizer . rendererPolicies = map [ string ] * bluemonday . Policy { }
sanitizer . defaultPolicy = createDefaultPolicy ( )
for name , renderer := range renderers {
sanitizerRules := renderer . SanitizerRules ( )
if len ( sanitizerRules ) > 0 {
policy := createDefaultPolicy ( )
addSanitizerRules ( policy , sanitizerRules )
sanitizer . rendererPolicies [ name ] = policy
}
}
}
func createDefaultPolicy ( ) * bluemonday . Policy {
policy := bluemonday . UGCPolicy ( )
2021-11-16 11:16:05 +03:00
// For JS code copy and Mermaid loading state
policy . AllowAttrs ( "class" ) . Matching ( regexp . MustCompile ( ` ^code-block( is-loading)?$ ` ) ) . OnElements ( "pre" )
2020-07-01 00:34:03 +03:00
// For Chroma markdown plugin
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( "class" ) . Matching ( regexp . MustCompile ( ` ^(chroma )?language-[\w-]+$ ` ) ) . OnElements ( "code" )
2017-04-13 05:52:24 +03:00
2019-10-15 04:31:09 +03:00
// Checkboxes
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( "type" ) . Matching ( regexp . MustCompile ( ` ^checkbox$ ` ) ) . OnElements ( "input" )
policy . AllowAttrs ( "checked" , "disabled" , "data-source-position" ) . OnElements ( "input" )
2019-10-14 01:29:10 +03:00
2019-10-15 04:31:09 +03:00
// Custom URL-Schemes
2021-04-06 00:38:31 +03:00
if len ( setting . Markdown . CustomURLSchemes ) > 0 {
2021-06-24 00:09:51 +03:00
policy . AllowURLSchemes ( setting . Markdown . CustomURLSchemes ... )
2021-04-06 00:38:31 +03:00
}
2019-10-15 04:31:09 +03:00
2020-01-20 07:39:21 +03:00
// Allow classes for anchors
2021-09-15 11:45:27 +03:00
policy . AllowAttrs ( "class" ) . Matching ( regexp . MustCompile ( ` ref-issue( ref-external-issue)? ` ) ) . OnElements ( "a" )
2020-01-20 07:39:21 +03:00
2020-03-08 22:17:03 +03:00
// Allow classes for task lists
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( "class" ) . Matching ( regexp . MustCompile ( ` task-list-item ` ) ) . OnElements ( "li" )
2020-03-08 22:17:03 +03:00
2020-04-24 16:22:36 +03:00
// Allow icons
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( "class" ) . Matching ( regexp . MustCompile ( ` ^icon(\s+[\p { L}\p { N}_-]+)+$ ` ) ) . OnElements ( "i" )
2020-04-26 08:09:08 +03:00
// Allow unlabelled labels
2021-06-24 00:09:51 +03:00
policy . AllowNoAttrs ( ) . OnElements ( "label" )
2020-04-24 16:22:36 +03:00
2020-04-28 21:05:39 +03:00
// Allow classes for emojis
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( "class" ) . Matching ( regexp . MustCompile ( ` emoji ` ) ) . OnElements ( "img" )
2020-04-28 21:05:39 +03:00
2021-06-16 04:02:03 +03:00
// Allow icons, emojis, chroma syntax and keyword markup on span
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( "class" ) . Matching ( regexp . MustCompile ( ` ^((icon(\s+[\p { L}\p { N}_-]+)+)|(emoji))$|^([a-z][a-z0-9] { 0,2})$|^ ` + keywordClass + ` $ ` ) ) . OnElements ( "span" )
2021-03-29 23:44:28 +03:00
2020-02-28 23:05:12 +03:00
// Allow generally safe attributes
2022-01-20 20:46:10 +03:00
generalSafeAttrs := [ ] string {
"abbr" , "accept" , "accept-charset" ,
2020-02-28 23:05:12 +03:00
"accesskey" , "action" , "align" , "alt" ,
"aria-describedby" , "aria-hidden" , "aria-label" , "aria-labelledby" ,
"axis" , "border" , "cellpadding" , "cellspacing" , "char" ,
"charoff" , "charset" , "checked" ,
"clear" , "cols" , "colspan" , "color" ,
"compact" , "coords" , "datetime" , "dir" ,
"disabled" , "enctype" , "for" , "frame" ,
"headers" , "height" , "hreflang" ,
"hspace" , "ismap" , "label" , "lang" ,
"maxlength" , "media" , "method" ,
"multiple" , "name" , "nohref" , "noshade" ,
"nowrap" , "open" , "prompt" , "readonly" , "rel" , "rev" ,
"rows" , "rowspan" , "rules" , "scope" ,
"selected" , "shape" , "size" , "span" ,
"start" , "summary" , "tabindex" , "target" ,
"title" , "type" , "usemap" , "valign" , "value" ,
"vspace" , "width" , "itemprop" ,
}
generalSafeElements := [ ] string {
"h1" , "h2" , "h3" , "h4" , "h5" , "h6" , "h7" , "h8" , "br" , "b" , "i" , "strong" , "em" , "a" , "pre" , "code" , "img" , "tt" ,
"div" , "ins" , "del" , "sup" , "sub" , "p" , "ol" , "ul" , "table" , "thead" , "tbody" , "tfoot" , "blockquote" ,
"dl" , "dt" , "dd" , "kbd" , "q" , "samp" , "var" , "hr" , "ruby" , "rt" , "rp" , "li" , "tr" , "td" , "th" , "s" , "strike" , "summary" ,
"details" , "caption" , "figure" , "figcaption" ,
"abbr" , "bdo" , "cite" , "dfn" , "mark" , "small" , "span" , "time" , "wbr" ,
}
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( generalSafeAttrs ... ) . OnElements ( generalSafeElements ... )
2020-02-28 23:05:12 +03:00
2021-06-24 00:09:51 +03:00
policy . AllowAttrs ( "itemscope" , "itemtype" ) . OnElements ( "div" )
2020-02-28 23:05:12 +03:00
// FIXME: Need to handle longdesc in img but there is no easy way to do it
2019-12-07 22:49:04 +03:00
// Custom keyword markup
2021-06-24 00:09:51 +03:00
addSanitizerRules ( policy , setting . ExternalSanitizerRules )
return policy
}
func addSanitizerRules ( policy * bluemonday . Policy , rules [ ] setting . MarkupSanitizerRule ) {
for _ , rule := range rules {
if rule . AllowDataURIImages {
policy . AllowDataURIImages ( )
}
if rule . Element != "" {
if rule . Regexp != nil {
policy . AllowAttrs ( rule . AllowAttr ) . Matching ( rule . Regexp ) . OnElements ( rule . Element )
} else {
policy . AllowAttrs ( rule . AllowAttr ) . OnElements ( rule . Element )
}
2019-12-07 22:49:04 +03:00
}
}
2017-04-13 05:52:24 +03:00
}
// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist.
func Sanitize ( s string ) string {
2017-04-19 14:16:36 +03:00
NewSanitizer ( )
2021-06-24 00:09:51 +03:00
return sanitizer . defaultPolicy . Sanitize ( s )
2017-04-13 05:52:24 +03:00
}
2019-12-31 04:53:28 +03:00
// SanitizeReader sanitizes a Reader
2021-11-19 13:46:47 +03:00
func SanitizeReader ( r io . Reader , renderer string , w io . Writer ) error {
2019-12-31 04:53:28 +03:00
NewSanitizer ( )
2021-06-24 00:09:51 +03:00
policy , exist := sanitizer . rendererPolicies [ renderer ]
if ! exist {
policy = sanitizer . defaultPolicy
}
2021-11-19 13:46:47 +03:00
return policy . SanitizeReaderToWriter ( r , w )
2019-12-31 04:53:28 +03:00
}