diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index a3d3a7ca8098..0ef379b8eda9 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -142,6 +142,16 @@ func (r *CustomRender) AutoLink(out *bytes.Buffer, link []byte, kind int) {
r.Renderer.AutoLink(out, link, kind)
}
+func (options *CustomRender) ListItem(out *bytes.Buffer, text []byte, flags int) {
+ switch {
+ case bytes.HasPrefix(text, []byte("[ ] ")):
+ text = append([]byte(``), text[3:]...)
+ case bytes.HasPrefix(text, []byte("[x] ")):
+ text = append([]byte(``), text[3:]...)
+ }
+ options.Renderer.ListItem(out, text, flags)
+}
+
var (
svgSuffix = []byte(".svg")
svgSuffixWithMark = []byte(".svg?")
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 6bfd912d32c6..f98ae28b93a3 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -31,7 +31,16 @@ import (
"github.com/gogits/gogs/modules/setting"
)
-var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
+func BuildSanitizer() (p *bluemonday.Policy) {
+ p = bluemonday.UGCPolicy()
+ p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
+
+ p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
+ p.AllowAttrs("checked", "disabled").OnElements("input")
+ return p
+}
+
+var Sanitizer = BuildSanitizer()
// EncodeMD5 encodes string to md5 hex value.
func EncodeMD5(str string) string {