back round 0 view raw

appview/pages: don't sanitize plaintext readmes #361

merged
opened by anirudh.fi targeting master from push-ormxrmmzomqu

Also, sanitize the raw markdown before rendering.

Signed-off-by: Anirudh Oppiliappan anirudh@tangled.sh

options
unified split
Changed files
+4 -6
appview
pages
pages.go
templates
repo
index.html
+2 -4
appview/pages/pages.go 
···

       
33

       
33

       
 

       
	"github.com/bluesky-social/indigo/atproto/syntax"


     

       
34

       
34

       
 

       
	"github.com/go-git/go-git/v5/plumbing"


     

       
35

       
35

       
 

       
	"github.com/go-git/go-git/v5/plumbing/object"


     

       
36

       

       
-

       
	"github.com/microcosm-cc/bluemonday"


     

       
37

       
36

       
 

       
)


     

       
38

       
37

       
 

       



     

       
39

       
38

       
 

       
//go:embed templates/* static


     
···

       
502

       
501

       
 

       
		ext := filepath.Ext(params.ReadmeFileName)


     

       
503

       
502

       
 

       
		switch ext {


     

       
504

       
503

       
 

       
		case ".md", ".markdown", ".mdown", ".mkdn", ".mkd":


     

       

       
504

       
+

       
			htmlString = p.rctx.Sanitize(htmlString)


     

       
505

       
505

       
 

       
			htmlString = p.rctx.RenderMarkdown(params.Readme)


     

       
506

       
506

       
 

       
			params.Raw = false


     

       
507

       

       
-

       
			params.HTMLReadme = template.HTML(p.rctx.Sanitize(htmlString))


     

       

       
507

       
+

       
			params.HTMLReadme = template.HTML(htmlString)


     

       
508

       
508

       
 

       
		default:


     

       
509

       

       
-

       
			htmlString = string(params.Readme)


     

       
510

       
509

       
 

       
			params.Raw = true


     

       
511

       

       
-

       
			params.HTMLReadme = template.HTML(bluemonday.NewPolicy().Sanitize(htmlString))


     

       
512

       
510

       
 

       
		}


     

       
513

       
511

       
 

       
	}


     

       
514

       
512
+2 -2
appview/pages/templates/repo/index.html 
···

       
358

       
358

       
 

       
{{ end }}


     

       
359

       
359

       
 

       



     

       
360

       
360

       
 

       
{{ define "repoAfter" }}


     

       
361

       

       
-

       
    {{- if .HTMLReadme -}}


     

       

       
361

       
+

       
    {{- if or .HTMLReadme .Readme -}}


     

       
362

       
362

       
 

       
        <section


     

       
363

       
363

       
 

       
            class="p-6 mt-4 rounded-br rounded-bl bg-white dark:bg-gray-800 dark:text-white drop-shadow-sm w-full mx-auto overflow-auto {{ if not .Raw }}


     

       
364

       
364

       
 

       
                prose dark:prose-invert dark:[&_pre]:bg-gray-900


     
···

       
367

       
367

       
 

       
            {{ end }}"


     

       
368

       
368

       
 

       
        >


     

       
369

       
369

       
 

       
            <article class="{{ if .Raw }}whitespace-pre{{ end }}">{{- if .Raw -}}<pre class="dark:bg-gray-800 dark:text-white overflow-x-auto">


     

       
370

       

       
-

       
                        {{- .HTMLReadme -}}


     

       

       
370

       
+

       
                        {{- .Readme -}}


     

       
371

       
371

       
 

       
                    </pre>


     

       
372

       
372

       
 

       
                {{- else -}}


     

       
373

       
373

       
 

       
                    {{ .HTMLReadme }}