diff --git a/models/repo.go b/models/repo.go
index fb7bbbd036..845c1b75a9 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -8,9 +8,12 @@ import (
 "errors"
 "fmt"
 "io/ioutil"
+ "html"
+ "html/template"
 "os"
 "path"
 "path/filepath"
+ "regexp"
 "runtime"
 "sort"
 "strings"
@@ -46,6 +49,10 @@ var (
 LanguageIgns, Licenses []string
 )
+var (
+ DescriptionPattern = regexp.MustCompile(`https?://\S+`)
+)
+
 // getAssetList returns corresponding asset list in 'conf'.
 func getAssetList(prefix string) []string {
 assets := make([]string, 0, 15)
@@ -145,6 +152,16 @@ func (repo *Repository) GetOwner() (err error) {
 return err
 }
+func (repo *Repository) DescriptionHtml() template.HTML {
+ sanitize := func(s string) string {
+ // TODO(nuss-justin): Improve sanitization. Strip all tags?
+ ss := html.EscapeString(s)
+
+ return fmt.Sprintf(`%s`, ss, ss)
+ }
+ return template.HTML(DescriptionPattern.ReplaceAllStringFunc(repo.Description, sanitize))
+}
+
 // IsRepositoryExist returns true if the repository with given name under user has already existed.
 func IsRepositoryExist(u *User, repoName string) (bool, error) {
 repo := Repository{OwnerId: u.Id}
@@ -1000,4 +1017,4 @@ func IsWatching(uid, rid int64) bool {
 func ForkRepository(repoName string, uid int64) {
-}
+}
\ No newline at end of file
diff --git a/templates/repo/nav.tmpl b/templates/repo/nav.tmpl
index ea7799b351..b689e44299 100644
--- a/templates/repo/nav.tmpl
+++ b/templates/repo/nav.tmpl
@@ -3,7 +3,7 @@
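Review bot: The exported `DescriptionPattern` added in the second hunk of models/repo.go has no doc comment, and its name does not say what it matches. A comment such as `// DescriptionPattern matches http(s) URLs inside a repository description so they can be rendered as links.` would cover it; as far as this diff shows it is only used by `DescriptionHtml`, so it could also be unexported. Note that `\S+` runs to the next whitespace, so trailing punctuation or quote characters become part of the matched span.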
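Review bot: `DescriptionHtml` (third hunk of models/repo.go) escapes only the substrings matched by `DescriptionPattern`; `ReplaceAllStringFunc` copies the rest of `repo.Description` through unchanged, and the `template.HTML` conversion then marks the whole result as safe. Markup in a description outside a URL would therefore reach the page unescaped once nav.tmpl calls this method, whereas the previous `{{.Repository.Description}}` was presumably auto-escaped by html/template. Escape the whole string before linkifying, with `escaped := html.EscapeString(repo.Description)` followed by `DescriptionPattern.ReplaceAllStringFunc(escaped, sanitize)`, and drop the per-match `html.EscapeString(s)` so matches are not escaped twice. The format string shows here as a bare `%s` with two arguments, so the anchor markup was probably lost in rendering; it is worth confirming that the `href` value is quoted in the real source. A test with a description mixing a tag and a URL (for example `<b>x</b> http://example.com`) would pin the escaping behaviour.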
{{.Repository.Description}}{{if .Repository.Website}} {{.Repository.Website}}{{end}}
+{{.Repository.DescriptionHtml}}{{if .Repository.Website}} {{.Repository.Website}}{{end}}