Add multiple rule support to markup sanitizer

Resolves: 9888 Signed-off-by: Alexander Scheel <[email protected]>
go-gitea · Apr 19, 2020 · 4042adb · 4042adb
1 parent 58e779a
commit 4042adb
Showing 1 changed file with 25 additions and 33 deletions.
diff --git a/modules/setting/markup.go b/modules/setting/markup.go
@@ -44,7 +44,7 @@ func newMarkup() {
  continue
  }
 
- if name == "sanitizer" {
+ if name == "sanitizer" || strings.HasPrefix(name, "sanitizer.") {
  newMarkupSanitizer(name, sec)
  } else {
  newMarkupRenderer(name, sec)
@@ -67,44 +67,36 @@ func newMarkupSanitizer(name string, sec *ini.Section) {
  return
  }
 
- elements := sec.Key("ELEMENT").ValueWithShadows()
- allowAttrs := sec.Key("ALLOW_ATTR").ValueWithShadows()
- regexps := sec.Key("REGEXP").ValueWithShadows()
+ elements := sec.Key("ELEMENT").Value()
+ allowAttrs := sec.Key("ALLOW_ATTR").Value()
+ regexpStr := sec.Key("REGEXP").Value()
 
- if len(elements) != len(allowAttrs) ||
- len(elements) != len(regexps) {
- log.Error("All three keys in markup.%s (ELEMENT, ALLOW_ATTR, REGEXP) must be defined the same number of times! Got %d, %d, and %d respectively.", name, len(elements), len(allowAttrs), len(regexps))
+ if regexpStr == "" {
+ rule := MarkupSanitizerRule{
+ Element: elements,
+ AllowAttr: allowAttrs,
+ Regexp: nil,
+ }
+
+ ExternalSanitizerRules = append(ExternalSanitizerRules, rule)
  return
  }
 
- ExternalSanitizerRules = make([]MarkupSanitizerRule, 0, len(elements))
-
- for index, pattern := range regexps {
- if pattern == "" {
- rule := MarkupSanitizerRule{
- Element: elements[index],
- AllowAttr: allowAttrs[index],
- Regexp: nil,
- }
- ExternalSanitizerRules = append(ExternalSanitizerRules, rule)
- continue
- }
-
- // Validate when parsing the config that this is a valid regular
- // expression. Then we can use regexp.MustCompile(...) later.
- compiled, err := regexp.Compile(pattern)
- if err != nil {
- log.Error("In module.%s: REGEXP at definition %d failed to compile: %v", name, index+1, err)
- continue
- }
+ // Validate when parsing the config that this is a valid regular
+ // expression. Then we can use regexp.MustCompile(...) later.
+ compiled, err := regexp.Compile(regexpStr)
+ if err != nil {
+ log.Error("In module.%s: REGEXP (%s) at definition %d failed to compile: %v", regexpStr, name, err)
+ return
+ }
 
- rule := MarkupSanitizerRule{
- Element: elements[index],
- AllowAttr: allowAttrs[index],
- Regexp: compiled,
- }
- ExternalSanitizerRules = append(ExternalSanitizerRules, rule)
+ rule := MarkupSanitizerRule{
+ Element: elements,
+ AllowAttr: allowAttrs,
+ Regexp: compiled,
  }
+
+ ExternalSanitizerRules = append(ExternalSanitizerRules, rule)
 }
 
 func newMarkupRenderer(name string, sec *ini.Section) {