repo flag to allow raw html
parent
2e0332618b
commit
4468b26309
9
post.go
9
post.go
|
@ -8,6 +8,7 @@ import (
|
||||||
"github.com/yuin/goldmark"
|
"github.com/yuin/goldmark"
|
||||||
"github.com/yuin/goldmark/extension"
|
"github.com/yuin/goldmark/extension"
|
||||||
"github.com/yuin/goldmark/parser"
|
"github.com/yuin/goldmark/parser"
|
||||||
|
"github.com/yuin/goldmark/renderer/html"
|
||||||
"gopkg.in/yaml.v2"
|
"gopkg.in/yaml.v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -80,7 +81,15 @@ func (post Post) MarkdownData() (bytes.Buffer, PostMeta) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
options := goldmark.WithRendererOptions()
|
||||||
|
if post.user.repo.AllowRawHtml() {
|
||||||
|
options = goldmark.WithRendererOptions(
|
||||||
|
html.WithUnsafe(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
markdown := goldmark.New(
|
markdown := goldmark.New(
|
||||||
|
options,
|
||||||
goldmark.WithExtensions(
|
goldmark.WithExtensions(
|
||||||
// meta.Meta,
|
// meta.Meta,
|
||||||
extension.GFM,
|
extension.GFM,
|
||||||
|
|
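Review bot: `html.WithUnsafe()` in the new `if post.user.repo.AllowRawHtml()` branch switches on more than the flag name suggests, because goldmark's unsafe mode emits raw HTML as written and also stops filtering potentially dangerous link URLs. The flag is read from the repository, so it applies to every user's posts; in a multi-user repository one author's markup would presumably be served alongside the other users' pages. I would add a comment above the branch such as `// Unsafe mode: raw HTML and unfiltered URLs are emitted as written; enable only when every author in the repository is trusted.`, and consider sanitizing the rendered buffer if untrusted authors are possible. `MarkdownData` begins and ends outside this hunk, so how the buffer is served is not visible here.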
38
post_test.go
38
post_test.go
|
@ -3,6 +3,7 @@ package owl_test
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -84,3 +85,40 @@ func TestDraftInMetaData(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestNoRawHTMLIfDisallowedByRepo(t *testing.T) {
|
||||||
|
repo := getTestRepo()
|
||||||
|
user, _ := repo.CreateUser("testuser")
|
||||||
|
post, _ := user.CreateNewPost("testpost")
|
||||||
|
content := "---\n"
|
||||||
|
content += "title: test\n"
|
||||||
|
content += "draft: true\n"
|
||||||
|
content += "---\n"
|
||||||
|
content += "\n"
|
||||||
|
content += "<script>alert('foo')</script>\n"
|
||||||
|
os.WriteFile(post.ContentFile(), []byte(content), 0644)
|
||||||
|
html, _ := post.MarkdownData()
|
||||||
|
html_str := html.String()
|
||||||
|
if strings.Contains(html_str, "<script>") {
|
||||||
|
t.Error("HTML should not be allowed")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestRawHTMLIfAllowedByRepo(t *testing.T) {
|
||||||
|
repo := getTestRepo()
|
||||||
|
repo.SetAllowRawHtml(true)
|
||||||
|
user, _ := repo.CreateUser("testuser")
|
||||||
|
post, _ := user.CreateNewPost("testpost")
|
||||||
|
content := "---\n"
|
||||||
|
content += "title: test\n"
|
||||||
|
content += "draft: true\n"
|
||||||
|
content += "---\n"
|
||||||
|
content += "\n"
|
||||||
|
content += "<script>alert('foo')</script>\n"
|
||||||
|
os.WriteFile(post.ContentFile(), []byte(content), 0644)
|
||||||
|
html, _ := post.MarkdownData()
|
||||||
|
html_str := html.String()
|
||||||
|
if !strings.Contains(html_str, "<script>") {
|
||||||
|
t.Error("HTML should be allowed")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
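Review bot: `TestNoRawHTMLIfDisallowedByRepo` can pass without the script content ever being rendered, because the results of `repo.CreateUser`, `user.CreateNewPost` and `os.WriteFile` are all discarded; if the write fails, the output trivially contains no `<script>`. Check the write, e.g. `if err := os.WriteFile(post.ContentFile(), []byte(content), 0644); err != nil { t.Fatal(err) }`, and handle the two constructor errors the same way; `TestRawHTMLIfAllowedByRepo` has the same pattern. The negative test also covers only the `<script>` substring, so a second case for a link with a dangerous URL scheme would pin the other behaviour that the unsafe renderer option controls. As a style point, `html_str` would conventionally be `htmlStr`.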
|
@ -19,6 +19,7 @@ type Repository struct {
|
||||||
name string
|
name string
|
||||||
single_user_mode bool
|
single_user_mode bool
|
||||||
active_user string
|
active_user string
|
||||||
|
allow_raw_html bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type RepoConfig struct {
|
type RepoConfig struct {
|
||||||
|
@ -81,6 +82,14 @@ func OpenSingleUserRepo(name string, user_name string) (Repository, error) {
|
||||||
return repo, nil
|
return repo, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (repo Repository) AllowRawHtml() bool {
|
||||||
|
return repo.allow_raw_html
|
||||||
|
}
|
||||||
|
|
||||||
|
func (repo *Repository) SetAllowRawHtml(allow bool) {
|
||||||
|
repo.allow_raw_html = allow
|
||||||
|
}
|
||||||
|
|
||||||
func (repo *Repository) SetSingleUser(user User) {
|
func (repo *Repository) SetSingleUser(user User) {
|
||||||
repo.single_user_mode = true
|
repo.single_user_mode = true
|
||||||
repo.active_user = user.name
|
repo.active_user = user.name
|
||||||
|
|
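Review bot: `AllowRawHtml` and `SetAllowRawHtml` are exported without doc comments, although the flag they expose is a security switch that post.go uses to render posts with `html.WithUnsafe()`. I would document both, e.g. `// SetAllowRawHtml enables or disables unescaped raw HTML in rendered posts for the whole repository; the zero value (false) keeps goldmark's safe rendering.` The getter has a value receiver and the setter a pointer receiver; if `User` stores a copy of `Repository` rather than a pointer (not visible here), a `SetAllowRawHtml` call made after the user is created would not reach `post.user.repo`, which is worth confirming. Nothing in this hunk writes the flag to `RepoConfig`, so it appears to reset to false when the repository is reopened.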