diff --git a/models/issues/comment.go b/models/issues/comment.go index c7b22f3cca073..da91a83384ec2 100644 --- a/models/issues/comment.go +++ b/models/issues/comment.go @@ -8,6 +8,7 @@ package issues import ( "context" "fmt" + "html/template" "strconv" "unicode/utf8" @@ -259,8 +260,8 @@ type Comment struct { CommitID int64 Line int64 // - previous line / + proposed line TreePath string - Content string `xorm:"LONGTEXT"` - RenderedContent string `xorm:"-"` + Content string `xorm:"LONGTEXT"` + RenderedContent template.HTML `xorm:"-"` // Path represents the 4 lines of code cemented by this comment Patch string `xorm:"-"` diff --git a/models/issues/issue.go b/models/issues/issue.go index 90aad10bb9001..563a780dcb134 100644 --- a/models/issues/issue.go +++ b/models/issues/issue.go @@ -7,6 +7,7 @@ package issues import ( "context" "fmt" + "html/template" "regexp" "slices" @@ -105,7 +106,7 @@ type Issue struct { OriginalAuthorID int64 `xorm:"index"` Title string `xorm:"name"` Content string `xorm:"LONGTEXT"` - RenderedContent string `xorm:"-"` + RenderedContent template.HTML `xorm:"-"` Labels []*Label `xorm:"-"` MilestoneID int64 `xorm:"INDEX"` Milestone *Milestone `xorm:"-"` diff --git a/models/issues/milestone.go b/models/issues/milestone.go index f663d42fe92bc..ea52a64c81be8 100644 --- a/models/issues/milestone.go +++ b/models/issues/milestone.go @@ -6,6 +6,7 @@ package issues import ( "context" "fmt" + "html/template" "strings" "code.gitea.io/gitea/models/db" @@ -47,8 +48,8 @@ type Milestone struct { RepoID int64 `xorm:"INDEX"` Repo *repo_model.Repository `xorm:"-"` Name string - Content string `xorm:"TEXT"` - RenderedContent string `xorm:"-"` + Content string `xorm:"TEXT"` + RenderedContent template.HTML `xorm:"-"` IsClosed bool NumIssues int NumClosedIssues int diff --git a/models/project/project.go b/models/project/project.go index d2fca6cdc8a8a..42b06e58c93f1 100644 --- a/models/project/project.go +++ b/models/project/project.go @@ -6,6 +6,7 @@ package project import ( "context" "fmt" + "html/template" "code.gitea.io/gitea/models/db" repo_model "code.gitea.io/gitea/models/repo" @@ -100,7 +101,7 @@ type Project struct { CardType CardType Type Type - RenderedContent string `xorm:"-"` + RenderedContent template.HTML `xorm:"-"` CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` diff --git a/models/repo/release.go b/models/repo/release.go index 1f37f11b2e383..9729e2baae6a6 100644 --- a/models/repo/release.go +++ b/models/repo/release.go @@ -7,6 +7,7 @@ package repo import ( "context" "fmt" + "html/template" "net/url" "sort" "strconv" @@ -79,7 +80,7 @@ type Release struct { NumCommits int64 NumCommitsBehind int64 `xorm:"-"` Note string `xorm:"TEXT"` - RenderedNote string `xorm:"-"` + RenderedNote template.HTML `xorm:"-"` IsDraft bool `xorm:"NOT NULL DEFAULT false"` IsPrerelease bool `xorm:"NOT NULL DEFAULT false"` IsTag bool `xorm:"NOT NULL DEFAULT false"` // will be true only if the record is a tag and has no related releases diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go index cb29431d4be3f..ccb63c6baba8b 100644 --- a/modules/markup/html_test.go +++ b/modules/markup/html_test.go @@ -397,7 +397,7 @@ func TestRender_ShortLinks(t *testing.T) { }, }, input) assert.NoError(t, err) - assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer)) + assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer))) buffer, err = markdown.RenderString(&markup.RenderContext{ Ctx: git.DefaultContext, Links: markup.Links{ @@ -407,7 +407,7 @@ func TestRender_ShortLinks(t *testing.T) { IsWiki: true, }, input) assert.NoError(t, err) - assert.Equal(t, strings.TrimSpace(expectedWiki), strings.TrimSpace(buffer)) + assert.Equal(t, strings.TrimSpace(expectedWiki), strings.TrimSpace(string(buffer))) } mediatree := util.URLJoin(markup.TestRepoURL, "media", "master") @@ -510,7 +510,7 @@ func TestRender_RelativeImages(t *testing.T) { Metas: localMetas, }, input) assert.NoError(t, err) - assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer)) + assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer))) buffer, err = markdown.RenderString(&markup.RenderContext{ Ctx: git.DefaultContext, Links: markup.Links{ @@ -520,7 +520,7 @@ func TestRender_RelativeImages(t *testing.T) { IsWiki: true, }, input) assert.NoError(t, err) - assert.Equal(t, strings.TrimSpace(expectedWiki), strings.TrimSpace(buffer)) + assert.Equal(t, strings.TrimSpace(expectedWiki), strings.TrimSpace(string(buffer))) } rawwiki := util.URLJoin(markup.TestRepoURL, "wiki", "raw") diff --git a/modules/markup/markdown/markdown.go b/modules/markup/markdown/markdown.go index 771162b9a3f12..f0b1afa27e309 100644 --- a/modules/markup/markdown/markdown.go +++ b/modules/markup/markdown/markdown.go @@ -6,6 +6,7 @@ package markdown import ( "fmt" + "html/template" "io" "strings" "sync" @@ -262,12 +263,12 @@ func Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error } // RenderString renders Markdown string to HTML with all specific handling stuff and return string -func RenderString(ctx *markup.RenderContext, content string) (string, error) { +func RenderString(ctx *markup.RenderContext, content string) (template.HTML, error) { var buf strings.Builder if err := Render(ctx, strings.NewReader(content), &buf); err != nil { return "", err } - return buf.String(), nil + return template.HTML(buf.String()), nil } // RenderRaw renders Markdown to HTML without handling special links. diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go index bdf4011fa2486..f19e1c4663e5e 100644 --- a/modules/markup/markdown/markdown_test.go +++ b/modules/markup/markdown/markdown_test.go @@ -5,6 +5,7 @@ package markdown_test import ( "context" + "html/template" "os" "strings" "testing" @@ -58,7 +59,7 @@ func TestRender_StandardLinks(t *testing.T) { }, }, input) assert.NoError(t, err) - assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer)) + assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer))) buffer, err = markdown.RenderString(&markup.RenderContext{ Ctx: git.DefaultContext, @@ -68,7 +69,7 @@ func TestRender_StandardLinks(t *testing.T) { IsWiki: true, }, input) assert.NoError(t, err) - assert.Equal(t, strings.TrimSpace(expectedWiki), strings.TrimSpace(buffer)) + assert.Equal(t, strings.TrimSpace(expectedWiki), strings.TrimSpace(string(buffer))) } googleRendered := `
` @@ -93,7 +94,7 @@ func TestRender_Images(t *testing.T) { }, }, input) assert.NoError(t, err) - assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer)) + assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer))) } url := "../../.images/src/02/train.jpg" @@ -303,7 +304,7 @@ func TestTotal_RenderWiki(t *testing.T) { IsWiki: true, }, sameCases[i]) assert.NoError(t, err) - assert.Equal(t, answers[i], line) + assert.Equal(t, template.HTML(answers[i]), line) } testCases := []string{ @@ -328,7 +329,7 @@ func TestTotal_RenderWiki(t *testing.T) { IsWiki: true, }, testCases[i]) assert.NoError(t, err) - assert.Equal(t, testCases[i+1], line) + assert.Equal(t, template.HTML(testCases[i+1]), line) } } @@ -348,7 +349,7 @@ func TestTotal_RenderString(t *testing.T) { Metas: localMetas, }, sameCases[i]) assert.NoError(t, err) - assert.Equal(t, answers[i], line) + assert.Equal(t, template.HTML(answers[i]), line) } testCases := []string{} @@ -361,7 +362,7 @@ func TestTotal_RenderString(t *testing.T) { }, }, testCases[i]) assert.NoError(t, err) - assert.Equal(t, testCases[i+1], line) + assert.Equal(t, template.HTML(testCases[i+1]), line) } } @@ -428,7 +429,7 @@ func TestRenderEmojiInLinks_Issue12331(t *testing.T) { ` res, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, testcase) assert.NoError(t, err) - assert.Equal(t, expected, res) + assert.Equal(t, template.HTML(expected), res) } func TestColorPreview(t *testing.T) { @@ -462,7 +463,7 @@ func TestColorPreview(t *testing.T) { for _, test := range positiveTests { res, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase) assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase) - assert.Equal(t, test.expected, res, "Unexpected result in testcase %q", test.testcase) + assert.Equal(t, template.HTML(test.expected), res, "Unexpected result in testcase %q", test.testcase) } @@ -529,7 +530,7 @@ func TestMathBlock(t *testing.T) { for _, test := range testcases { res, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase) assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase) - assert.Equal(t, test.expected, res, "Unexpected result in testcase %q", test.testcase) + assert.Equal(t, template.HTML(test.expected), res, "Unexpected result in testcase %q", test.testcase) } } @@ -567,12 +568,12 @@ foo: bar for _, test := range testcases { res, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase) assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase) - assert.Equal(t, test.expected, res, "Unexpected result in testcase %q", test.testcase) + assert.Equal(t, template.HTML(test.expected), res, "Unexpected result in testcase %q", test.testcase) } } func TestRenderLinks(t *testing.T) { - input := ` space @mention-user + input := ` space @mention-user${SPACE}${SPACE} /just/a/path.bin https://example.com/file.bin [local link](file.bin) @@ -593,8 +594,9 @@ com 88fc37a3c0a4dda553bdcfc80c178a58247f42fb mit mail@domain.com @mention-user test #123 - space + space${SPACE}${SPACE} ` + input = strings.ReplaceAll(input, "${SPACE}", " ") // replace ${SPACE} with " ", to avoid some editor's auto-trimming cases := []struct { Links markup.Links IsWiki bool @@ -957,6 +959,6 @@ space for i, c := range cases { result, err := markdown.RenderString(&markup.RenderContext{Ctx: context.Background(), Links: c.Links, IsWiki: c.IsWiki}, input) assert.NoError(t, err, "Unexpected error in testcase: %v", i) - assert.Equal(t, c.Expected, result, "Unexpected result in testcase %v", i) + assert.Equal(t, template.HTML(c.Expected), result, "Unexpected result in testcase %v", i) } } diff --git a/modules/templates/util_render.go b/modules/templates/util_render.go index 1d9635410b370..cdff31698ca13 100644 --- a/modules/templates/util_render.go +++ b/modules/templates/util_render.go @@ -208,7 +208,7 @@ func RenderMarkdownToHtml(ctx context.Context, input string) template.HTML { //n if err != nil { log.Error("RenderString: %v", err) } - return template.HTML(output) + return output } func RenderLabels(ctx context.Context, labels []*issues_model.Label, repoLink string) template.HTML { diff --git a/modules/templates/util_string.go b/modules/templates/util_string.go index 2771b1e223f74..479b755da1cd6 100644 --- a/modules/templates/util_string.go +++ b/modules/templates/util_string.go @@ -4,6 +4,8 @@ package templates import ( + "fmt" + "html/template" "strings" "code.gitea.io/gitea/modules/base" @@ -17,6 +19,19 @@ func NewStringUtils() *StringUtils { return &stringUtils } +func (su *StringUtils) ToString(v any) string { + switch v := v.(type) { + case string: + return v + case template.HTML: + return string(v) + case fmt.Stringer: + return v.String() + default: + return fmt.Sprint(v) + } +} + func (su *StringUtils) HasPrefix(s, prefix string) bool { return strings.HasPrefix(s, prefix) } diff --git a/routers/web/feed/convert.go b/routers/web/feed/convert.go index 1e040ed819eb6..53c73837e65d2 100644 --- a/routers/web/feed/convert.go +++ b/routers/web/feed/convert.go @@ -50,7 +50,7 @@ func toReleaseLink(ctx *context.Context, act *activities_model.Action) string { // renderMarkdown creates a minimal markdown render context from an action. // If rendering fails, the original markdown text is returned -func renderMarkdown(ctx *context.Context, act *activities_model.Action, content string) string { +func renderMarkdown(ctx *context.Context, act *activities_model.Action, content string) template.HTML { markdownCtx := &markup.RenderContext{ Ctx: ctx, Links: markup.Links{ @@ -64,7 +64,7 @@ func renderMarkdown(ctx *context.Context, act *activities_model.Action, content } markdown, err := markdown.RenderString(markdownCtx, content) if err != nil { - return content + return templates.Str2html(content) } return markdown } @@ -74,7 +74,11 @@ func feedActionsToFeedItems(ctx *context.Context, actions activities_model.Actio for _, act := range actions { act.LoadActUser(ctx) - var content, desc, title string + // TODO: the code seems quite strange (maybe not right) + // sometimes it uses text content but sometimes it uses HTML content + // it should clearly defines which kind of content it should use for the feed items: plan text or rich HTML + var title, desc string + var content template.HTML link := &feeds.Link{Href: act.GetCommentHTMLURL(ctx)} @@ -228,7 +232,7 @@ func feedActionsToFeedItems(ctx *context.Context, actions activities_model.Actio desc = act.GetIssueTitle(ctx) comment := act.GetIssueInfos()[1] if len(comment) != 0 { - desc += "\n\n" + renderMarkdown(ctx, act, comment) + desc += "\n\n" + string(renderMarkdown(ctx, act, comment)) } case activities_model.ActionMergePullRequest, activities_model.ActionAutoMergePullRequest: desc = act.GetIssueInfos()[1] @@ -239,7 +243,7 @@ func feedActionsToFeedItems(ctx *context.Context, actions activities_model.Actio } } if len(content) == 0 { - content = desc + content = templates.Str2html(desc) } items = append(items, &feeds.Item{ @@ -253,7 +257,7 @@ func feedActionsToFeedItems(ctx *context.Context, actions activities_model.Actio }, Id: fmt.Sprintf("%v: %v", strconv.FormatInt(act.ID, 10), link.Href), Created: act.CreatedUnix.AsTime(), - Content: content, + Content: string(content), }) } return items, err @@ -282,7 +286,8 @@ func releasesToFeedItems(ctx *context.Context, releases []*repo_model.Release, i return nil, err } - var title, content string + var title string + var content template.HTML if rel.IsTag { title = rel.TagName @@ -311,7 +316,7 @@ func releasesToFeedItems(ctx *context.Context, releases []*repo_model.Release, i Email: rel.Publisher.GetEmail(), }, Id: fmt.Sprintf("%v: %v", strconv.FormatInt(rel.ID, 10), link.Href), - Content: content, + Content: string(content), }) } diff --git a/routers/web/feed/profile.go b/routers/web/feed/profile.go index 3feca68d61a2d..3b61314902dfd 100644 --- a/routers/web/feed/profile.go +++ b/routers/web/feed/profile.go @@ -58,7 +58,7 @@ func showUserFeed(ctx *context.Context, formatType string) { feed := &feeds.Feed{ Title: ctx.Locale.TrString("home.feed_of", ctx.ContextUser.DisplayName()), Link: &feeds.Link{Href: ctx.ContextUser.HTMLURL()}, - Description: ctxUserDescription, + Description: string(ctxUserDescription), Created: time.Now(), } diff --git a/routers/web/org/projects.go b/routers/web/org/projects.go index f062127d24fd3..5924ff57b14c7 100644 --- a/routers/web/org/projects.go +++ b/routers/web/org/projects.go @@ -20,6 +20,7 @@ import ( "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/json" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/templates" "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web" shared_user "code.gitea.io/gitea/routers/web/shared/user" @@ -104,7 +105,7 @@ func Projects(ctx *context.Context) { } for _, project := range projects { - project.RenderedContent = project.Description + project.RenderedContent = templates.Str2html(project.Description) // FIXME: is it right? why not render? } err = shared_user.LoadHeaderCount(ctx) @@ -395,7 +396,7 @@ func ViewProject(ctx *context.Context) { } } - project.RenderedContent = project.Description + project.RenderedContent = templates.Str2html(project.Description) // FIXME: is it right? why not render? ctx.Data["LinkedPRs"] = linkedPrsMap ctx.Data["PageIsViewProjects"] = true ctx.Data["CanWriteProjects"] = canWriteProjects(ctx) diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go index 46d48c46381a8..f59e670d31b95 100644 --- a/routers/web/repo/issue.go +++ b/routers/web/repo/issue.go @@ -42,6 +42,7 @@ import ( repo_module "code.gitea.io/gitea/modules/repository" "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" + "code.gitea.io/gitea/modules/templates" "code.gitea.io/gitea/modules/templates/vars" "code.gitea.io/gitea/modules/timeutil" "code.gitea.io/gitea/modules/upload" @@ -1759,7 +1760,7 @@ func ViewIssue(ctx *context.Context) { // so "|" is used as delimeter to mark the new format if comment.Content[0] != '|' { // handle old time comments that have formatted text stored - comment.RenderedContent = comment.Content + comment.RenderedContent = templates.Str2html(comment.Content) comment.Content = "" } else { // else it's just a duration in seconds to pass on to the frontend diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go index b920ffb6dd04e..05c3451ebfe51 100644 --- a/routers/web/repo/release.go +++ b/routers/web/repo/release.go @@ -112,7 +112,7 @@ func getReleaseInfos(ctx *context.Context, opts *repo_model.FindReleasesOptions) cacheUsers[r.PublisherID] = r.Publisher } - r.Note, err = markdown.RenderString(&markup.RenderContext{ + r.RenderedNote, err = markdown.RenderString(&markup.RenderContext{ Links: markup.Links{ Base: ctx.Repo.RepoLink, }, diff --git a/templates/mail/release.tmpl b/templates/mail/release.tmpl index 62a16573c6b2a..90a3caa4c532e 100644 --- a/templates/mail/release.tmpl +++ b/templates/mail/release.tmpl @@ -22,7 +22,7 @@ {{.locale.Tr "mail.release.note"}}