Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-24 10:46:10 +01:00

add regexp to restrict <code class=""></code>

This commit is contained in:
Hongcai Deng 2015-09-10 09:06:09 +08:00
parent 357c002c03
commit e4d4662074

View file

@ -15,6 +15,7 @@ import (
"hash"
"html/template"
"math"
"regexp"
"strings"
"time"
@ -26,11 +27,8 @@ import (
"github.com/gogits/gogs/modules/setting"
)
var Sanitizer = bluemonday.UGCPolicy()
var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
func init() {
Sanitizer.AllowAttrs("class").OnElements("code")
}
// Encode string to md5 hex value.
func EncodeMd5(str string) string {