From ed2dbda2c515158106c58d2e174560796767b44a Mon Sep 17 00:00:00 2001
From: oppiliappan
Date: Sat, 16 Aug 2025 22:42:39 +0100
Subject: [PATCH] appview: render markdown in titles, commit messages and descriptions
Change-Id: sssuxsytsltsvkpkrmoluqvrzzqsqltl
uses the newly added description filter that only autlinks, and renders backticks, bold and italics.
Signed-off-by: oppiliappan
---
 appview/issues/issues.go | 12 ++++++++++++
 .../templates/repo/fragments/repoDescription.html | 2 +-
 appview/pages/templates/repo/issues/issue.html | 2 +-
 appview/pages/templates/repo/issues/issues.html | 2 +-
 .../templates/repo/pulls/fragments/pullHeader.html | 2 +-
 .../repo/pulls/fragments/summarizedPullHeader.html | 2 +-
 appview/pages/templates/repo/pulls/pull.html | 2 +-
 appview/pages/templates/repo/pulls/pulls.html | 2 +-
 appview/pages/templates/user/fragments/repoCard.html | 2 +-
 appview/pulls/pulls.go | 6 ++++++
 10 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/appview/issues/issues.go b/appview/issues/issues.go
index 76930783..0deb0417 100644
--- a/appview/issues/issues.go
+++ b/appview/issues/issues.go
@@ -7,6 +7,7 @@ import (
 "net/http"
 "slices"
 "strconv"
+ "strings"
 "time"
 
 comatproto "github.com/bluesky-social/indigo/api/atproto"
@@ -21,6 +22,7 @@ import (
 "tangled.sh/tangled.sh/core/appview/notify"
 "tangled.sh/tangled.sh/core/appview/oauth"
 "tangled.sh/tangled.sh/core/appview/pages"
+ "tangled.sh/tangled.sh/core/appview/pages/markup"
 "tangled.sh/tangled.sh/core/appview/pagination"
 "tangled.sh/tangled.sh/core/appview/reporesolver"
 "tangled.sh/tangled.sh/core/idresolver"
@@ -643,6 +645,16 @@ func (rp *Issues) NewIssue(w http.ResponseWriter, r *http.Request) { return } + sanitizer := markup.NewSanitizer() + if st := strings.TrimSpace(sanitizer.SanitizeDescription(title)); st == "" { + rp.pages.Notice(w, "issues", "Title is empty after HTML sanitization") + return + } + if sb := strings.TrimSpace(sanitizer.SanitizeDefault(body)); sb == "" { + rp.pages.Notice(w, "issues", "Body is empty after HTML sanitization") + return + } + tx, err := rp.db.BeginTx(r.Context(), nil) if err != nil { rp.pages.Notice(w, "issues", "Failed to create issue, try again later") diff --git a/appview/pages/templates/repo/fragments/repoDescription.html b/appview/pages/templates/repo/fragments/repoDescription.html index 3d4685a1..15460d59 100644 --- a/appview/pages/templates/repo/fragments/repoDescription.html +++ b/appview/pages/templates/repo/fragments/repoDescription.html @@ -1,7 +1,7 @@ {{ define "repo/fragments/repoDescription" }} {{ if .RepoInfo.Description }} - {{ .RepoInfo.Description }} + {{ .RepoInfo.Description | description }} {{ else }} this repo has no description {{ end }} diff --git a/appview/pages/templates/repo/issues/issue.html b/appview/pages/templates/repo/issues/issue.html index 9dc9a65a..75534e55 100644 --- a/appview/pages/templates/repo/issues/issue.html +++ b/appview/pages/templates/repo/issues/issue.html @@ -11,7 +11,7 @@ {{ define "repoContent" }}
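Review bot: The sanitized strings `st` and `sb` in NewIssue are used only for the emptiness test and then dropped, so what gets stored is still the raw `title` and `body`; the safety of the rendered title therefore rests on the `description` template filter applying the same policy at render time, which this patch does not show. A short comment above the check would make that explicit, for example `// validation only: the raw title/body are stored; sanitization is repeated when rendering`. The same check is repeated in NewPull in appview/pulls/pulls.go, and each request builds a fresh sanitizer with `markup.NewSanitizer()`; a shared helper would keep the two handlers in step, provided the sanitizer is safe to reuse. NewIssue begins and ends outside the hunk.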

- {{ .Issue.Title }} + {{ .Issue.Title | description }} #{{ .Issue.IssueId }}

diff --git a/appview/pages/templates/repo/issues/issues.html b/appview/pages/templates/repo/issues/issues.html index 7f01a1e3..b4532b97 100644 --- a/appview/pages/templates/repo/issues/issues.html +++ b/appview/pages/templates/repo/issues/issues.html @@ -45,7 +45,7 @@ href="/{{ $.RepoInfo.FullName }}/issues/{{ .IssueId }}" class="no-underline hover:underline" > - {{ .Title }} + {{ .Title | description }} #{{ .IssueId }} diff --git a/appview/pages/templates/repo/pulls/fragments/pullHeader.html b/appview/pages/templates/repo/pulls/fragments/pullHeader.html index 22968aa5..5e61669c 100644 --- a/appview/pages/templates/repo/pulls/fragments/pullHeader.html +++ b/appview/pages/templates/repo/pulls/fragments/pullHeader.html @@ -1,7 +1,7 @@ {{ define "repo/pulls/fragments/pullHeader" }}
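Review bot: In issues.html the title sits inside the issue link (the context lines show `href="/{{ $.RepoInfo.FullName }}/issues/{{ .IssueId }}"` just above it), and the commit message says the `description` filter autolinks, so a title containing a URL would presumably produce a link nested inside a link. Browsers close the outer anchor when they meet the inner one, which would leave part of the row pointing at a user-supplied address instead of the issue. For titles rendered inside an existing anchor, a variant of the filter that keeps backticks, bold and italics but does not autolink would avoid this. The other list templates touched by this commit are worth checking for the same nesting.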

- {{ .Pull.Title }} + {{ .Pull.Title | description }} #{{ .Pull.PullId }}

diff --git a/appview/pages/templates/repo/pulls/fragments/summarizedPullHeader.html b/appview/pages/templates/repo/pulls/fragments/summarizedPullHeader.html index f6dc6db8..06558a47 100644 --- a/appview/pages/templates/repo/pulls/fragments/summarizedPullHeader.html +++ b/appview/pages/templates/repo/pulls/fragments/summarizedPullHeader.html @@ -9,7 +9,7 @@ #{{ .PullId }} - {{ .Title }} + {{ .Title | description }} diff --git a/appview/pages/templates/repo/pulls/pull.html b/appview/pages/templates/repo/pulls/pull.html index d7bac1fe..2ea4a9c3 100644 --- a/appview/pages/templates/repo/pulls/pull.html +++ b/appview/pages/templates/repo/pulls/pull.html @@ -122,7 +122,7 @@ {{ end }}
- {{ .Title }} + {{ .Title | description }} {{ if gt (len .Body) 0 }}
{{ with .Description }}
- {{ . }} + {{ . | description }}
{{ end }} diff --git a/appview/pulls/pulls.go b/appview/pulls/pulls.go index b28cc53e..c7caec72 100644 --- a/appview/pulls/pulls.go +++ b/appview/pulls/pulls.go @@ -19,6 +19,7 @@ import ( "tangled.sh/tangled.sh/core/appview/notify" "tangled.sh/tangled.sh/core/appview/oauth" "tangled.sh/tangled.sh/core/appview/pages" + "tangled.sh/tangled.sh/core/appview/pages/markup" "tangled.sh/tangled.sh/core/appview/reporesolver" "tangled.sh/tangled.sh/core/idresolver" "tangled.sh/tangled.sh/core/knotclient" @@ -740,6 +741,11 @@ func (s *Pulls) NewPull(w http.ResponseWriter, r *http.Request) { s.pages.Notice(w, "pull", "Title is required for git-diff patches.") return } + sanitizer := markup.NewSanitizer() + if st := strings.TrimSpace(sanitizer.SanitizeDescription(title)); (st) == "" { + s.pages.Notice(w, "pull", "Title is empty after HTML sanitization") + return + } } // Validate we have at least one valid PR creation method -- 2.43.0
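Review bot: The sanitized-title check in NewPull is added inside the block that closes right after it, next to the "Title is required for git-diff patches." notice, so it appears to run only on that branch; titles arriving through other creation methods would skip it. NewIssue also checks the body with `SanitizeDefault`, while no body check is added here. If the check is meant for every pull, it belongs after the block, and the condition reads more plainly without the extra parentheses: `if st := strings.TrimSpace(sanitizer.SanitizeDescription(title)); st == "" {`. The import hunk for this file adds only `markup`, so `strings` must already be imported for this to build. NewPull begins and ends outside the hunk.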