1
0
mirror of https://github.com/go-gitea/gitea.git synced 2025-01-03 14:57:55 -05:00
gitea/modules/markup
KN4CK3R a09b40de8d
Prevent double sanitize ()
* Prevent double sanitize.
* Use SanitizeReaderToWriter.

At the moment `actualRender` uses `SanitizeReader` to sanitize the output. But `SanitizeReader` gets called in `markup.render` too so the output gets sanitized twice.

I moved the `SanitizeReader` call into `RenderRaw` because this method does not use `markup.render`. I would like to remove the `RenderRaw`/`RenderRawString` methods too because they are only called from tests, the fuzzer and the `/markup/raw` api endpoint. This endpoint is not in use so I think we could remove them. If we really in the future need a method to render markdown without PostProcessing we could achieve this with a more flexible `renderer.NeedPostProcess` method.
2021-11-19 18:46:47 +08:00
..
common Fix some lints () 2021-10-17 20:47:12 +01:00
csv Properly determine CSV delimiter () 2021-10-30 23:50:40 +08:00
external refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
markdown Prevent double sanitize () 2021-11-19 18:46:47 +08:00
mdstripper A better go code formatter, and now make fmt can run in Windows () 2021-11-17 20:34:35 +08:00
orgmode Prevent panic in Org mode HighlightCodeBlock () 2021-09-24 14:29:32 +01:00
html_internal_test.go Fix issue markdown bugs () 2021-10-23 21:38:12 +08:00
html_test.go Fix NPE in fuzzer () 2021-08-13 00:22:05 +02:00
html.go Fix issue markdown bugs () 2021-10-23 21:38:12 +08:00
renderer_test.go A better go code formatter, and now make fmt can run in Windows () 2021-11-17 20:34:35 +08:00
renderer.go Prevent double sanitize () 2021-11-19 18:46:47 +08:00
sanitizer_test.go Fix data URI scramble () 2021-06-07 18:55:26 +02:00
sanitizer.go Prevent double sanitize () 2021-11-19 18:46:47 +08:00