add regexp to restrict `<code class=""></code>`
This commit is contained in:
parent
357c002c03
commit
e4d4662074
|
@ -15,6 +15,7 @@ import (
|
||||||
"hash"
|
"hash"
|
||||||
"html/template"
|
"html/template"
|
||||||
"math"
|
"math"
|
||||||
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -26,11 +27,8 @@ import (
|
||||||
"github.com/gogits/gogs/modules/setting"
|
"github.com/gogits/gogs/modules/setting"
|
||||||
)
|
)
|
||||||
|
|
||||||
var Sanitizer = bluemonday.UGCPolicy()
|
var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
|
||||||
|
|
||||||
func init() {
|
|
||||||
Sanitizer.AllowAttrs("class").OnElements("code")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Encode string to md5 hex value.
|
// Encode string to md5 hex value.
|
||||||
func EncodeMd5(str string) string {
|
func EncodeMd5(str string) string {
|
||||||
|
|
Loading…
Reference in New Issue