diff --git a/modules/base/markdown.go b/modules/base/markdown.go index a3d3a7ca8098..0ef379b8eda9 100644 --- a/modules/base/markdown.go +++ b/modules/base/markdown.go @@ -142,6 +142,16 @@ func (r *CustomRender) AutoLink(out *bytes.Buffer, link []byte, kind int) { r.Renderer.AutoLink(out, link, kind) } +func (options *CustomRender) ListItem(out *bytes.Buffer, text []byte, flags int) { + switch { + case bytes.HasPrefix(text, []byte("[ ] ")): + text = append([]byte(``), text[3:]...) + case bytes.HasPrefix(text, []byte("[x] ")): + text = append([]byte(``), text[3:]...) + } + options.Renderer.ListItem(out, text, flags) +} + var ( svgSuffix = []byte(".svg") svgSuffixWithMark = []byte(".svg?") diff --git a/modules/base/tool.go b/modules/base/tool.go index 6bfd912d32c6..f98ae28b93a3 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -31,7 +31,16 @@ import ( "github.com/gogits/gogs/modules/setting" ) -var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") +func BuildSanitizer() (p *bluemonday.Policy) { + p = bluemonday.UGCPolicy() + p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") + + p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") + p.AllowAttrs("checked", "disabled").OnElements("input") + return p +} + +var Sanitizer = BuildSanitizer() // EncodeMD5 encodes string to md5 hex value. func EncodeMD5(str string) string {