-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Santiation fix from Gogs - Add code-injection checks * Fix SSH-breakage
- Loading branch information
Showing
7 changed files
with
115 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
// Copyright 2017 The Gitea Authors. All rights reserved. | ||
// Copyright 2017 The Gogs Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package markdown | ||
|
||
import ( | ||
"regexp" | ||
"sync" | ||
|
||
"code.gitea.io/gitea/modules/setting" | ||
|
||
"github.com/microcosm-cc/bluemonday" | ||
) | ||
|
||
// Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow | ||
// any modification to the underlying policies once it's been created. | ||
type Sanitizer struct { | ||
policy *bluemonday.Policy | ||
init sync.Once | ||
} | ||
|
||
var sanitizer = &Sanitizer{} | ||
|
||
// NewSanitizer initializes sanitizer with allowed attributes based on settings. | ||
// Multiple calls to this function will only create one instance of Sanitizer during | ||
// entire application lifecycle. | ||
func NewSanitizer() { | ||
sanitizer.init.Do(func() { | ||
sanitizer.policy = bluemonday.UGCPolicy() | ||
// We only want to allow HighlightJS specific classes for code blocks | ||
sanitizer.policy.AllowAttrs("class").Matching(regexp.MustCompile(`^language-\w+$`)).OnElements("code") | ||
|
||
// Checkboxes | ||
sanitizer.policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") | ||
sanitizer.policy.AllowAttrs("checked", "disabled").OnElements("input") | ||
|
||
// Custom URL-Schemes | ||
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) | ||
|
||
}) | ||
} | ||
|
||
// Sanitize takes a string that contains a HTML fragment or document and applies policy whitelist. | ||
func Sanitize(s string) string { | ||
if sanitizer.policy == nil { | ||
NewSanitizer() | ||
} | ||
return sanitizer.policy.Sanitize(s) | ||
} | ||
|
||
// SanitizeBytes takes a []byte slice that contains a HTML fragment or document and applies policy whitelist. | ||
func SanitizeBytes(b []byte) []byte { | ||
if len(b) == 0 { | ||
// nothing to sanitize | ||
return b | ||
} | ||
if sanitizer.policy == nil { | ||
NewSanitizer() | ||
} | ||
return sanitizer.policy.SanitizeBytes(b) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
// Copyright 2017 The Gitea Authors. All rights reserved. | ||
// Copyright 2017 The Gogs Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package markdown | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func Test_Sanitizer(t *testing.T) { | ||
NewSanitizer() | ||
testCases := []string{ | ||
// Regular | ||
`<a onblur="alert(secret)" href="http://www.google.com">Google</a>`, `<a href="http://www.google.com" rel="nofollow">Google</a>`, | ||
|
||
// Code highlighting class | ||
`<code class="random string"></code>`, `<code></code>`, | ||
`<code class="language-random ui tab active menu attached animating sidebar following bar center"></code>`, `<code></code>`, | ||
`<code class="language-go"></code>`, `<code class="language-go"></code>`, | ||
|
||
// Input checkbox | ||
`<input type="hidden">`, ``, | ||
`<input type="checkbox">`, `<input type="checkbox">`, | ||
`<input checked disabled autofocus>`, `<input checked="" disabled="">`, | ||
|
||
// Code highlight injection | ||
`<code class="language-random ui tab active menu attached animating sidebar following bar center"></code>`, `<code></code>`, | ||
`<code class="language-lol ui tab active menu attached animating sidebar following bar center"> | ||
<code class="language-lol ui container input huge basic segment center"> </code> | ||
<img src="https://try.gogs.io/img/favicon.png" width="200" height="200"> | ||
<code class="language-lol ui container input massive basic segment">Hello there! Something has gone wrong, we are working on it.</code> | ||
<code class="language-lol ui container input huge basic segment">In the meantime, play a game with us at <a href="http://example.com/">example.com</a>.</code> | ||
</code>`, "<code>\n<code>\u00a0</code>\n<img src=\"https://try.gogs.io/img/favicon.png\" width=\"200\" height=\"200\">\n<code>Hello there! Something has gone wrong, we are working on it.</code>\n<code>In the meantime, play a game with us at\u00a0<a href=\"http://example.com/\" rel=\"nofollow\">example.com</a>.</code>\n</code>", | ||
} | ||
|
||
for i := 0; i < len(testCases); i += 2 { | ||
assert.Equal(t, testCases[i+1], Sanitize(testCases[i])) | ||
assert.Equal(t, testCases[i+1], string(SanitizeBytes([]byte(testCases[i])))) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters