luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-06-24 10:00:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[GITEA] Use restricted sanitizer for repository description

Browse source 
- Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
- Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
- Added unit testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1202
- Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit a8afa4cd18)
(cherry picked from commit 0238587c51)
(cherry picked from commit a8c7bbf728)
(cherry picked from commit 80e05a8245)
(cherry picked from commit f5af5050b3)
(cherry picked from commit 608f981e55)
(cherry picked from commit 6591867502)
This commit is contained in:
Gusted 2023-09-13 12:04:10 +02:00 committed by Earl Warren
parent 7ac510074b
commit b7e6dedafd
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
3 changed files with 56 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
models/repo/repo.go
View file

@ -576,9 +576,9 @@ func (repo *Repository) DescriptionHTML(ctx context.Context) template.HTML {
}, repo.Description)
if err != nil {
log.Error("Failed to render description for %s (ID: %d): %v", repo.Name, repo.ID, err)
return template.HTML(markup.Sanitize(repo.Description))
return template.HTML(markup.SanitizeDescription(repo.Description))
}
return template.HTML(markup.Sanitize(desc))
return template.HTML(markup.SanitizeDescription(desc))
}
// CloneLink represents different types of clone URLs of repository.