appview/pages/markup: add `description` filter #507

merged

opened by

oppi.li 3 months ago targeting master from push-sssuxsytslts

this sanitizer only renders a tiny subset of markdown, to be used in inline elements like PR titles and repo descriptions etc.

Signed-off-by: oppiliappan me@oppi.li

options

unified split

Changed files

+38 -4

appview

pages

funcmap.go

markup

markdown.go

sanitizer.go

+6 -1

appview/pages/funcmap.go

···

       206
       206
        
       			}

     

       207
       207
        
       			return v.Slice(0, min(n, v.Len())).Interface()

     

       208
       208
        
       		},

     

       209
       209
       -
       

     

       210
       209
        
       		"markdown": func(text string) template.HTML {

     

       211
       210
        
       			p.rctx.RendererType = markup.RendererTypeDefault

     

       212
       211
        
       			htmlString := p.rctx.RenderMarkdown(text)

     

       213
       212
        
       			sanitized := p.rctx.SanitizeDefault(htmlString)

     

       214
       213
        
       			return template.HTML(sanitized)

     

       215
       214
        
       		},

     

       215
       215
       +
       		"description": func(text string) template.HTML {

     

       216
       216
       +
       			p.rctx.RendererType = markup.RendererTypeDefault

     

       217
       217
       +
       			htmlString := p.rctx.RenderMarkdown(text)

     

       218
       218
       +
       			sanitized := p.rctx.SanitizeDescription(htmlString)

     

       219
       219
       +
       			return template.HTML(sanitized)

     

       220
       220
       +
       		},

     

       216
       221
        
       		"isNil": func(t any) bool {

     

       217
       222
        
       			// returns false for other "zero" values

     

       218
       223
        
       			return t == nil

+5 -1

appview/pages/markup/markdown.go

···

       161
       161
        
       }

     

       162
       162
        
       

     

       163
       163
        
       func (rctx *RenderContext) SanitizeDefault(html string) string {

     

       164
       164
       -
       	return rctx.Sanitizer.defaultPolicy.Sanitize(html)

     

       164
       164
       +
       	return rctx.Sanitizer.SanitizeDefault(html)

     

       165
       165
       +
       }

     

       166
       166
       +
       

     

       167
       167
       +
       func (rctx *RenderContext) SanitizeDescription(html string) string {

     

       168
       168
       +
       	return rctx.Sanitizer.SanitizeDescription(html)

     

       165
       169
        
       }

     

       166
       170
        
       

     

       167
       171
        
       type MarkdownTransformer struct {

+27 -2

appview/pages/markup/sanitizer.go

···

       11
       11
        
       )

     

       12
       12
        
       

     

       13
       13
        
       type Sanitizer struct {

     

       14
       14
       -
       	defaultPolicy *bluemonday.Policy

     

       14
       14
       +
       	defaultPolicy     *bluemonday.Policy

     

       15
       15
       +
       	descriptionPolicy *bluemonday.Policy

     

       15
       16
        
       }

     

       16
       17
        
       

     

       17
       18
        
       func NewSanitizer() Sanitizer {

     

       18
       19
        
       	return Sanitizer{

     

       19
       19
       -
       		defaultPolicy: defaultPolicy(),

     

       20
       20
       +
       		defaultPolicy:     defaultPolicy(),

     

       21
       21
       +
       		descriptionPolicy: descriptionPolicy(),

     

       20
       22
        
       	}

     

       21
       23
        
       }

     

       22
       24
        
       

     

       25
       25
       +
       func (s *Sanitizer) SanitizeDefault(html string) string {

     

       26
       26
       +
       	return s.defaultPolicy.Sanitize(html)

     

       27
       27
       +
       }

     

       28
       28
       +
       func (s *Sanitizer) SanitizeDescription(html string) string {

     

       29
       29
       +
       	return s.descriptionPolicy.Sanitize(html)

     

       30
       30
       +
       }

     

       31
       31
       +
       

     

       23
       32
        
       func defaultPolicy() *bluemonday.Policy {

     

       24
       33
        
       	policy := bluemonday.UGCPolicy()

     

       25
       34
        
       

     
···

       90
       99
        
       

     

       91
       100
        
       	return policy

     

       92
       101
        
       }

     

       102
       102
       +
       

     

       103
       103
       +
       func descriptionPolicy() *bluemonday.Policy {

     

       104
       104
       +
       	policy := bluemonday.NewPolicy()

     

       105
       105
       +
       	policy.AllowStandardURLs()

     

       106
       106
       +
       

     

       107
       107
       +
       	// allow italics and bold.

     

       108
       108
       +
       	policy.AllowElements("i", "b", "em", "strong")

     

       109
       109
       +
       

     

       110
       110
       +
       	// allow code.

     

       111
       111
       +
       	policy.AllowElements("code")

     

       112
       112
       +
       

     

       113
       113
       +
       	// allow links

     

       114
       114
       +
       	policy.AllowAttrs("href", "target", "rel").OnElements("a")

     

       115
       115
       +
       

     

       116
       116
       +
       	return policy

     

       117
       117
       +
       }