oss/forgejo
oss/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-09-15 18:56:59 +00:00
Code Wiki Activity

[GITEA] Use restricted sanitizer for repository description

Browse source 
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1433
  - Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
  - Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
  - Added unit testing.
  - Resolves https://codeberg.org/forgejo/forgejo/issues/1202
  - Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit a8afa4cd18)
This commit is contained in:
Gusted 2023-09-13 12:04:10 +02:00
parent 5aad8a6918
commit 4b9a473e12
No known key found for this signature in database
GPG key ID: FD821B732837125F
3 changed files with 56 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
models/repo/repo.go
View file

@ -523,9 +523,9 @@ func (repo *Repository) DescriptionHTML(ctx context.Context) template.HTML {
}, repo.Description)
if err != nil {
log.Error("Failed to render description for %s (ID: %d): %v", repo.Name, repo.ID, err)
return template.HTML(markup.Sanitize(repo.Description))
return template.HTML(markup.SanitizeDescription(repo.Description))
}
return template.HTML(markup.Sanitize(desc))
return template.HTML(markup.SanitizeDescription(desc))
}
// CloneLink represents different types of clone URLs of repository.