repo flag to allow raw html

Niko Abeler 2022-08-21 11:31:48 +02:00
parent 2e0332618b
commit 4468b26309
3 changed files with 56 additions and 0 deletions


@ -8,6 +8,7 @@ import (
"github.com/yuin/goldmark"
"github.com/yuin/goldmark/extension"
"github.com/yuin/goldmark/parser"
"github.com/yuin/goldmark/renderer/html"
"gopkg.in/yaml.v2"
)
@ -80,7 +81,15 @@ func (post Post) MarkdownData() (bytes.Buffer, PostMeta) {
}
}
options := goldmark.WithRendererOptions()
if post.user.repo.AllowRawHtml() {
options = goldmark.WithRendererOptions(
html.WithUnsafe(),
)
}
markdown := goldmark.New(
options,
goldmark.WithExtensions(
// meta.Meta,
extension.GFM,
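Review bot: `html.WithUnsafe()` in the `post.user.repo.AllowRawHtml()` branch makes goldmark emit raw HTML and potentially dangerous link URLs exactly as written, and the switch is per repository rather than per post or per user. If a repository can hold several authors, any one of them can then publish markup that runs script for every reader of the site, so the branch should state its trust assumption, for example `// WithUnsafe disables goldmark's raw-HTML and link filtering; enable only when every author in the repo is trusted.` If that assumption does not hold for multi-user repos, the rendered output would need an HTML sanitizing pass before it is served. `MarkdownData` starts and ends outside this hunk, so how the buffer is used afterwards is not visible here.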


@ -3,6 +3,7 @@ package owl_test
import (
"os"
"path"
"strings"
"testing"
)
@ -84,3 +85,40 @@ func TestDraftInMetaData(t *testing.T) {
}
}
func TestNoRawHTMLIfDisallowedByRepo(t *testing.T) {
repo := getTestRepo()
user, _ := repo.CreateUser("testuser")
post, _ := user.CreateNewPost("testpost")
content := "---\n"
content += "title: test\n"
content += "draft: true\n"
content += "---\n"
content += "\n"
content += "<script>alert('foo')</script>\n"
os.WriteFile(post.ContentFile(), []byte(content), 0644)
html, _ := post.MarkdownData()
html_str := html.String()
if strings.Contains(html_str, "<script>") {
t.Error("HTML should not be allowed")
}
}
func TestRawHTMLIfAllowedByRepo(t *testing.T) {
repo := getTestRepo()
repo.SetAllowRawHtml(true)
user, _ := repo.CreateUser("testuser")
post, _ := user.CreateNewPost("testpost")
content := "---\n"
content += "title: test\n"
content += "draft: true\n"
content += "---\n"
content += "\n"
content += "<script>alert('foo')</script>\n"
os.WriteFile(post.ContentFile(), []byte(content), 0644)
html, _ := post.MarkdownData()
html_str := html.String()
if !strings.Contains(html_str, "<script>") {
t.Error("HTML should be allowed")
}
}
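Review bot: `TestNoRawHTMLIfDisallowedByRepo` can pass without the renderer ever seeing the `<script>` line, because the results of `repo.CreateUser`, `user.CreateNewPost` and `os.WriteFile` are discarded and the only assertion is that `<script>` is absent. Fail fast on the setup steps, e.g. `if err := os.WriteFile(post.ContentFile(), []byte(content), 0644); err != nil { t.Fatal(err) }`, and add a line of ordinary Markdown to the fixture whose rendered form is asserted to be present. The same unchecked setup is repeated in `TestRawHTMLIfAllowedByRepo`. Since the new renderer option also changes link filtering, a case with a `javascript:` link target in the disallowed configuration would cover the other half of what the flag controls.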


@ -19,6 +19,7 @@ type Repository struct {
name string
single_user_mode bool
active_user string
allow_raw_html bool
}
type RepoConfig struct {
@ -81,6 +82,14 @@ func OpenSingleUserRepo(name string, user_name string) (Repository, error) {
return repo, nil
}
func (repo Repository) AllowRawHtml() bool {
return repo.allow_raw_html
}
func (repo *Repository) SetAllowRawHtml(allow bool) {
repo.allow_raw_html = allow
}
func (repo *Repository) SetSingleUser(user User) {
repo.single_user_mode = true
repo.active_user = user.name
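Review bot: `AllowRawHtml` and `SetAllowRawHtml` are exported without doc comments, and the setter is the switch that turns off HTML filtering for all posts in the repository, which a caller cannot tell from the name alone. Suggested: `// SetAllowRawHtml controls whether posts are rendered with raw HTML passed through unfiltered; the default (false) is the safe setting.` The getter uses a value receiver while the setter uses a pointer receiver; if `User` keeps its own copy of `Repository` (not visible here), a `SetAllowRawHtml` call made after `CreateUser` would presumably not reach that user's posts, so a pointer receiver on both and a note on call order would help. The field does not appear to be written to `RepoConfig` in the visible lines, so the flag looks in-memory only; confirm that is intended.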