forked from gitea/gitea
1
0
Fork 0
gitea/modules/markup
Alexander Scheel ee7df7ba8c Markdown: Sanitizier Configuration (#9075)
* Support custom sanitization policy

Allowing the gitea administrator to configure sanitization policy allows
them to couple external renders and custom templates to support more
markup. In particular, the `pandoc` renderer allows generating KaTeX
annotations, wrapping them in `<span>` elements with class `math` and
either `inline` or `display` (depending on whether or not inline or
block mode was requested).

This iteration gives the administrator whitelisting powers; carefully
crafted regexes will thus let through only the desired attributes
necessary to support their custom markup.

Resolves: #9054

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Document new sanitization configuration

 - Adds basic documentation to app.ini.sample,
 - Adds an example to the Configuration Cheat Sheet, and
 - Adds extended information to External Renderers section.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Drop extraneous length check in newMarkupSanitizer(...)

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix plural ELEMENT and ALLOW_ATTR in docs

These were left over from their initial names. Make them singular to
conform with the current expectations.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2019-12-07 14:49:04 -05:00
..
csv Detect delimiter in CSV rendering (#7869) 2019-08-16 01:09:50 +03:00
external Better logging (#6038) (#6095) 2019-04-02 08:48:31 +01:00
markdown Convert EOL to UNIX-style to render MD properly (#8925) 2019-11-13 03:27:11 +01:00
mdstripper Rewrite markdown rendering to blackfriday v2 and rewrite orgmode rendering to go-org (#8560) 2019-10-31 01:06:25 +00:00
orgmode Update go-org to optimize code (#8824) 2019-11-05 16:39:03 +08:00
html.go Alternate syntax for cross references (#9116) 2019-12-01 15:57:05 +02:00
html_internal_test.go Alternate syntax for cross references (#9116) 2019-12-01 15:57:05 +02:00
html_test.go Rewrite markdown rendering to blackfriday v2 and rewrite orgmode rendering to go-org (#8560) 2019-10-31 01:06:25 +00:00
markup.go Support inline rendering of CUSTOM_URL_SCHEMES (#8496) 2019-10-15 02:31:09 +01:00
markup_test.go Prioritize "readme.md" (#5691) 2019-01-14 14:15:06 -05:00
sanitizer.go Markdown: Sanitizier Configuration (#9075) 2019-12-07 14:49:04 -05:00
sanitizer_test.go Allow kbd tags (#9245) 2019-12-03 14:02:41 -05:00