Allow to specify colors for text in markup (go-gitea#20363)
`<span style="color: red">Hello World!</span>` will now be accepted by
Bluemonday; other properties are still disallowed by Bluemonday.
Gusted authored and Sysoev, Vladimir committed Aug 10, 2022
1 parent 17bd44e commit 8563629
Showing 2 changed files with 14 additions and 0 deletions.
6 changes: 6 additions & 0 deletions modules/markup/sanitizer.go
Expand Up @@ -85,6 +85,12 @@ func createDefaultPolicy() *bluemonday.Policy {
// Allow icons, emojis, chroma syntax and keyword markup on span
policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span")

// Allow 'style' attribute on text elements.
policy.AllowAttrs("style").OnElements("span", "p")

// Allow 'color' property for the style attribute on text elements.
policy.AllowStyles("color").OnElements("span", "p")

// Allow generally safe attributes
generalSafeAttrs := []string{
"abbr", "accept", "accept-charset",
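Review bot: The added `policy.AllowStyles("color").OnElements("span", "p")` line sets no value matcher, so which `color` values survive sanitization is left to bluemonday's built-in handling for that property rather than being pinned by this policy. If I read the library correctly it falls back to a default handler for known CSS properties, so a dependency upgrade could silently widen or narrow what is accepted; consider chaining an explicit `.Matching(...)` or `.MatchingEnum(...)` before `.OnElements`, or at least extend the comment to `// Allow 'color' property for the style attribute on text elements; values are validated by bluemonday's default handler.` Author-chosen text colour also lets rendered content blend into the background or imitate interface notices, so it is worth confirming that every surface using this default policy is meant to allow it. createDefaultPolicy starts and continues outside the hunk.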
8 changes: 8 additions & 0 deletions modules/markup/sanitizer_test.go
Expand Up @@ -45,6 +45,14 @@ func Test_Sanitizer(t *testing.T) {
`<input type="checkbox" disabled=""/>unchecked`, `<input type="checkbox" disabled=""/>unchecked`,
`<span class="emoji dropdown">NAUGHTY</span>`, `<span>NAUGHTY</span>`,
`<span class="emoji">contents</span>`, `<span class="emoji">contents</span>`,

// Color property
`<span style="color: red">Hello World</span>`, `<span style="color: red">Hello World</span>`,
`<p style="color: red">Hello World</p>`, `<p style="color: red">Hello World</p>`,
`<code style="color: red">Hello World</code>`, `<code>Hello World</code>`,
`<span style="bad-color: red">Hello World</span>`, `<span>Hello World</span>`,
`<p style="bad-color: red">Hello World</p>`, `<p>Hello World</p>`,
`<code style="bad-color: red">Hello World</code>`, `<code>Hello World</code>`,
}

for i := 0; i < len(testCases); i += 2 {
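Review bot: The new cases only exercise an unknown property name (`bad-color`), so nothing here pins what happens to a rejected value or to a `style` attribute that mixes `color` with another property. Add a pair with input `<span style="color: red; background: blue">Hello World</span>` and expected output `<span style="color: red">Hello World</span>`, plus one where `color` carries a value that is not a colour, with the exact expected strings confirmed by running the test rather than assumed. These are the cases that would catch a regression if the policy or the sanitizer library changes. Test_Sanitizer starts and continues outside the hunk.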
