
Markdown: Sanitizier Configuration #9075

Merged
merged 7 commits into from
Dec 7, 2019

Conversation

cipherboy
Contributor

Allowing the gitea administrator to configure sanitization policy allows
them to couple external renders and custom templates to support more
markup. In particular, the `pandoc` renderer allows generating KaTeX
annotations, wrapping them in `<span>` elements with class `math` and
either `inline` or `display` (depending on whether or not inline or
block mode was requested).

This iteration gives the administrator whitelisting powers; carefully
crafted regexes will thus let through only the desired attributes
necessary to support their custom markup.

Resolves: #9054


  • I have read the contributing guidelines.
  • I have used the DCO sign-off.
  • I have attempted to run unit tests
    • This failed for me on `=== TestXSSUserFullName (integrations/xss_test.go:17)`, but master branch also failed for the same test case.
  • I ran `make golangci-lint` (since `make lint` seemed to suggest `make revive` was deprecated):

```bash
$ make golangci-lint
golangci-lint run --timeout 5m
WARN [runner] Can't run linter unused: buildssa: analysis skipped: errors in package: [-: code in directory /home/cipherboy/GitHub/cipherboy/gitea expects import "code.gitea.io/gitea"]
WARN [runner] Can't run linter goanalysis_metalinter: assign: failed prerequisites: inspect@_/home/cipherboy/GitHub/cipherboy/gitea
$
```

I'm currently running this on git.cipherboy.com and it works for my use case.

Would you want a test case for this? I'm not familiar with your test setup, so I'd appreciate an example for how I should test this if so.

Screenshot from 2019-11-19 12-04-13

@cipherboy cipherboy force-pushed the markdown-sanitizer-config branch 2 times, most recently from cea4435 to 0f24b7d Compare November 19, 2019 21:27
@codecov-io

codecov-io commented Nov 19, 2019

Codecov Report

Merging #9075 into master will decrease coverage by 0.04%.
The diff coverage is 2.53%.

Impacted file tree graph

```diff
@@            Coverage Diff             @@
##           master    #9075      +/-   ##
==========================================
- Coverage   41.06%   41.02%   -0.05%     
==========================================
  Files         556      556              
  Lines       72582    72642      +60     
==========================================
- Hits        29809    29798      -11     
- Misses      39030    39102      +72     
+ Partials     3743     3742       -1
```

| Impacted Files | Coverage Δ |
|---|---|
| modules/setting/markup.go | 1.23% <0%> (-5.67%) ⬇️ |
| modules/markup/sanitizer.go | 84.61% <25%> (-15.39%) ⬇️ |
| modules/task/migrate.go | 25% <0%> (-3.95%) ⬇️ |
| modules/process/manager.go | 74.69% <0%> (-3.62%) ⬇️ |
| models/repo_indexer.go | 65.94% <0%> (-1.8%) ⬇️ |
| models/error.go | 32.67% <0%> (-1.19%) ⬇️ |
| models/repo_list.go | 73.14% <0%> (-0.93%) ⬇️ |
| models/repo.go | 47.67% <0%> (+0.05%) ⬆️ |
| modules/migrations/gitea.go | 9.45% <0%> (+0.63%) ⬆️ |
| modules/migrations/migrate.go | 25.4% <0%> (+1.62%) ⬆️ |

Continue to review full report at Codecov.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Powered by Codecov. Last update d672206...45963fc.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 19, 2019
Member

@guillep2k guillep2k left a comment


Hi, thank you for your contribution! Please check these comments.

Review comments (outdated, resolved) on:

  • docs/content/doc/advanced/config-cheat-sheet.en-us.md
  • custom/conf/app.ini.sample
  • modules/setting/markup.go (3 comments)
@guillep2k
Member

Note: `make lint` is deprecated as you've said. I meant to suggest:

```bash
make golangci-lint
make revive
```

They don't go through the same checks: some things pass one and not the other. Anyway, your build is already passing our CI test, which runs those two plus several others.

@cipherboy cipherboy force-pushed the markdown-sanitizer-config branch 3 times, most recently from 491b43d to 8b333c7 Compare November 20, 2019 03:14
@cipherboy
Contributor Author

Ah -- I had left one additional log.Fatal that I've removed in this last push.

This should be better now and address all of the above comments.

@cipherboy cipherboy force-pushed the markdown-sanitizer-config branch from 8b333c7 to b230833 Compare November 20, 2019 03:22
Review comments (outdated, resolved) on:

  • custom/conf/app.ini.sample (2 comments)
  • modules/setting/markup.go (3 comments)
@lunny
Member

lunny commented Nov 20, 2019

Maybe setting a different policy for each render tool is better?

```ini
[markup.asciidoc]
ENABLED = false
; List of file extensions that should be rendered by an external command

; policy rule and the set may be redefined multiple times to add multiple
; rules.
;ELEMENT = span
;ALLOW_ATTR = class
;REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
```

@lunny
Member

lunny commented Nov 20, 2019

Or render tool could override the global one.

@cipherboy
Contributor Author

> Maybe setting a different policy for each render tool is better?

I disagree.

IMO, you'd want all policy in one place so that you can see exactly what it is you're allowing. Then you don't have to scroll to different places in the file and parse each set of configuration in your head and compare them; it is all right there.

If one markdown tool adds:

```ini
[markup.asciidoc]
ENABLED = true
ELEMENT = span
ALLOW_ATTR = class
REGEXP = 
```

And another adds:

```ini
[markup.pandoc]
ENABLED = true
ELEMENT = span
ALLOW_ATTR = class
REGEXP = ^(info|warning|error)$
```

Which wins? Is it order dependent? What's the parse order of the separate `markup.<UTIL>` sections (I'm assuming top->bottom, or random order if the sections are stored in a map, but the ini library is a 3rd-party dependency, so it is best to treat it as an opaque blob since the order isn't specified in the API docs AFAICT)? If the admin added these on separate dates and forgot, how would they be notified of the potentially ambiguous policy (is bluemonday sanitation order-dependent, i.e., does the first-added rule win or the last-added rule)? Would we have to parse each policy and ensure that, under bluemonday's interpretation, it'd be unambiguous? etc.

Best to have all policy in one section so that the admin can hopefully craft unambiguous rules, and so that it is easier to fix.

Comments are allowed in the INI file between keys, so if the admin wants to annotate them as applying to given markup, they can do so.

@cipherboy cipherboy force-pushed the markdown-sanitizer-config branch 2 times, most recently from f6f6f2b to 5156b1d Compare November 20, 2019 14:29
@lunny
Member

lunny commented Nov 20, 2019

@cipherboy

I mean a render tool could override the default sanitizer configuration. That should be more flexible, but it will increase the implementation complexity. I'm also OK with the current change.

```ini
[markup.sanitizer]
; The following keys can be used multiple times to define sanitation policy rules.
;ELEMENT = span
;ALLOW_ATTR = class
;REGEXP = ^(info|warning|error)$

[markup.asciidoc]
ENABLED = false
; List of file extensions that should be rendered by an external command

; policy rule and the set may be redefined multiple times to add multiple
; rules.
;ELEMENT = span
;ALLOW_ATTR = class
;REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
```

@lunny lunny added the type/enhancement An improvement of existing functionality label Nov 20, 2019
@lunny lunny added this to the 1.11.0 milestone Nov 20, 2019
@cipherboy
Contributor Author

> I mean a render tool could override the default sanitizer configuration. That should be more flexible, but it will increase the implementation complexity. I'm also OK with the current change.

Ah sorry I missed that reply. Yeah, that's better. I think my points still stand, but your way would let the admin find the right balance between "all global" and "all local".

I don't think it'd be much work to do, I'm just not personally that interested in doing it. :)

(You'd mostly just call newMarkupSanitizer on every markup.* item and add logic to deal with creating/extending ExternalSanitizerRules as necessary based on the number of the rules in this section versus the slice's actual length and capacity.)

Member

@guillep2k guillep2k left a comment


Looks good to me 🎉.

If you need to add commits from now on, please try to avoid force-pushing them, so the review process is easier. 😄

Review comment (outdated, resolved) on modules/setting/markup.go
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 20, 2019
@cipherboy
Contributor Author

cipherboy commented Nov 20, 2019

Ah sorry, I tend to be from the crowd that does a habitual master branch update followed by a rebase and squash of any fixes. :)

Review comment (outdated, resolved) on docs/content/doc/advanced/config-cheat-sheet.en-us.md

Review comment on:

```go
	return
}

if !haveElement || !haveAttr || !haveRegexp {
```
Member


Couldn't haveRegexp be ignored as your above code?

Contributor Author

@cipherboy cipherboy Nov 21, 2019


I'm not sure what you mean by "as my above code"? The first check is for a completely empty section; there's nothing to do so exit with only a warning.

Per above config-cheat-sheet description for REGEXP: "Must be present but may be empty for unconditional whitelisting of this attribute."

So if it is present but empty, `haveRegexp = ini.Section.HasKey("REGEXP")` will return true, but `pattern = ini.Section.Key("REGEXP").ValueWithShadows()[i] == ""` for some `i`.

This check is thus for if `ELEMENT=` and `HAVEATTR=` have been specified, but `REGEXP` hasn't been. (Well -- strictly it checks for if any haven't been specified, having earlier checked that all haven't been specified).

This is because we aren't parsing the ini ourselves. We only have an external library that parses it for us, and gives us parsed results. Particularly, parsed results without any ordering between keys and without knowledge of where a missing key might be.

If we allowed:

```ini
[markup.sanitizer]
ELEMENT=span
HAVEATTR=class
```

The user might later add:

```ini
[markup.sanitizer]
ELEMENT=span
HAVEATTR=class
ELEMENT=div
HAVEATTR=class
REGEXP=^(error|warning|info)$
```

We wouldn't be able to tell which element/attr pair the regex belongs to, because the ini module doesn't expose neighbor key information. That'd surprise the user (a working config + another working config should equal a working config, since we say that we support adding configs to get more rules).

So I maintain this is desired behavior unless there's something I'm missing?
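The following is an added, self-contained illustration of the configuration semantics argued over in this thread (the KaTeX `span` rule from the PR description and the "which REGEXP belongs to which ELEMENT/ALLOW_ATTR pair" objection above). It is not Gitea's code and does not use bluemonday: `SanitizerRule`, `parseSanitizerSection` and `attrAllowed` are hypothetical names, and the allow check is a standard-library stand-in for what a bluemonday policy built with `AllowAttrs(...).Matching(...).OnElements(...)` would decide. The three input slices stand for the `ValueWithShadows()` results of the repeated keys, and the sample section is constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// SanitizerRule is one ELEMENT / ALLOW_ATTR / REGEXP triple from the
// [markup.sanitizer] section. A nil Regexp means REGEXP was present but
// empty, which the cheat sheet text quoted in this thread defines as
// unconditional whitelisting of that attribute.
type SanitizerRule struct {
	Element string
	Attr    string
	Regexp  *regexp.Regexp
}

// parseSanitizerSection builds rules from the shadowed values of the three
// keys, in the order the INI library hands them back. The slices must line up
// one-to-one: the INI library exposes no key positions, so a missing REGEXP
// cannot be attributed to any particular ELEMENT/ALLOW_ATTR pair, and the
// whole section is rejected instead. (Hypothetical helper, not Gitea's.)
func parseSanitizerSection(elements, attrs, regexps []string) ([]SanitizerRule, error) {
	if len(elements) == 0 && len(attrs) == 0 && len(regexps) == 0 {
		return nil, nil // empty section: nothing to configure
	}
	if len(elements) != len(attrs) || len(attrs) != len(regexps) {
		return nil, fmt.Errorf("sanitizer: ELEMENT, ALLOW_ATTR and REGEXP must appear equally often (got %d/%d/%d)",
			len(elements), len(attrs), len(regexps))
	}
	rules := make([]SanitizerRule, 0, len(elements))
	for i := range elements {
		rule := SanitizerRule{
			Element: strings.TrimSpace(elements[i]),
			Attr:    strings.TrimSpace(attrs[i]),
		}
		if rule.Element == "" || rule.Attr == "" {
			return nil, fmt.Errorf("sanitizer rule %d: ELEMENT and ALLOW_ATTR must not be empty", i)
		}
		if pat := strings.TrimSpace(regexps[i]); pat != "" {
			re, err := regexp.Compile(pat)
			if err != nil {
				return nil, fmt.Errorf("sanitizer rule %d: invalid REGEXP %q: %w", i, pat, err)
			}
			rule.Regexp = re
		}
		rules = append(rules, rule)
	}
	return rules, nil
}

// attrAllowed reports whether an attribute on a rendered element survives a
// policy built from rules. With no matching rule the attribute is dropped:
// that is the whitelist semantics the PR description asks for.
func attrAllowed(rules []SanitizerRule, element, attr, value string) bool {
	for _, r := range rules {
		if r.Element != element || r.Attr != attr {
			continue
		}
		if r.Regexp == nil || r.Regexp.MatchString(value) {
			return true
		}
	}
	return false
}

// Constructed sample section: the KaTeX span rule from this thread plus the
// admonition class rule, as ValueWithShadows() would return each key.
var (
	sampleElements = []string{"span", "div"}
	sampleAttrs    = []string{"class", "class"}
	sampleRegexps  = []string{
		`^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+`,
		`^(info|warning|error)$`,
	}
)

func main() {
	rules, err := parseSanitizerSection(sampleElements, sampleAttrs, sampleRegexps)
	if err != nil {
		panic(err)
	}
	probes := []struct{ el, attr, val string }{
		{"span", "class", "math inline"},    // pandoc KaTeX output: kept
		{"span", "class", "math display"},   // kept
		{"span", "class", "btn btn-danger"}, // class not whitelisted: dropped
		{"span", "style", "color: red"},     // no rule for style at all: dropped
		{"div", "class", "warning"},         // admonition: kept
	}
	for _, p := range probes {
		fmt.Printf("<%s %s=%q> kept=%v\n", p.el, p.attr, p.val, attrAllowed(rules, p.el, p.attr, p.val))
	}

	// The ambiguous section from the review thread (two ELEMENT/ALLOW_ATTR
	// pairs, one REGEXP) is rejected rather than guessed at.
	_, err = parseSanitizerSection([]string{"span", "div"}, []string{"class", "class"}, []string{`^(error|warning|info)$`})
	fmt.Println("ambiguous section rejected:", err != nil)
}
```

The anchored `^...$` on the admonition rule matters: `warning` passes, `warning info` does not, so a rule only admits exactly the class values the administrator wrote down. The KaTeX regex is deliberately looser (any combination of `math`, `inline`, `display`), which is why the PR description stresses that the regexes must be crafted carefully.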

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 29, 2019
@lunny
Member

lunny commented Dec 6, 2019

Please resolve the conflicts

Allowing the gitea administrator to configure sanitization policy allows
them to couple external renders and custom templates to support more
markup. In particular, the `pandoc` renderer allows generating KaTeX
annotations, wrapping them in `<span>` elements with class `math` and
either `inline` or `display` (depending on whether or not inline or
block mode was requested).

This iteration gives the administrator whitelisting powers; carefully
crafted regexes will thus let through only the desired attributes
necessary to support their custom markup.

Resolves: go-gitea#9054

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
 - Adds basic documentation to app.ini.sample,
 - Adds an example to the Configuration Cheat Sheet, and
 - Adds extended information to External Renderers section.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
These were left over from their initial names. Make them singular to
conform with the current expectations.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
@cipherboy cipherboy force-pushed the markdown-sanitizer-config branch from 5fed643 to 45963fc Compare December 6, 2019 13:54
@cipherboy
Contributor Author

ACK, rebased.

@6543
Member

6543 commented Dec 7, 2019

Make lgtm work

@techknowlogick techknowlogick merged commit ee7df7b into go-gitea:master Dec 7, 2019
@cipherboy
Contributor Author

Thanks for the merge!

aswild added a commit to aswild/gitea that referenced this pull request Jan 23, 2020
  * Enable lazy-loading of gitgraph.js (go-gitea#9036)
  * Pack web_src/js/draw.js to public/js/index.js (go-gitea#8975)
  * Modernize js and use babel (go-gitea#8973)
  * Move index.js to web_src and use webpack to pack them (go-gitea#8598)
  * Restrict modules/graceful to non-windows build and shim IsChild (go-gitea#8537)
  * Upgrade gopkg.in/editorconfig/editorconfig-core-go.v1 (go-gitea#8501)
* DOCS
  * Swagger info corrections (go-gitea#9441) (go-gitea#9558)
  * Add ALLOW_ONLY_EXTERNAL_REGISTRATION to config cheat sheet (go-gitea#8986)
  * Rephrase comment about RuntimeDirectory option in systemd config (go-gitea#8912)
  * Explicitly indicate the socket unit to use the service unit "gitea.service" (go-gitea#8804)
  * Adjust the must-change-password help (go-gitea#8755)
  * Add notice to docs for migrating from more recent versions of Gogs (go-gitea#8724)
  * Add explicit info about customization of homepage (go-gitea#8694)
  * Change external asciidoctor tool to embedded mode (go-gitea#8677)
  * Add Docker fail2ban configuration (go-gitea#8642)
  * Correct some outdated statements in the contributing guidelines (go-gitea#8612)
  * Basic Design guidelines (describing different parts of the code) (go-gitea#8601)
  * Display Gitea logo in Readme (go-gitea#8592)
  * Fix building from source docs to ref AppWorkPath (go-gitea#8567)
  * Update the provided gitea.service to mention socket activation (go-gitea#8531)
  * Doc added how to setup email (go-gitea#8520)
* MISC
  * Add translatable Powered by Gitea text in footer (go-gitea#9600)
  * Add contrib/environment-to-ini (go-gitea#9519)
  * Remove unnecessary loading of settings in update hook (go-gitea#9496)
  * Update gitignore list (go-gitea#9437)
  * Update license list (go-gitea#9436)
  * Fix background reactions in the arc-green theme (go-gitea#9421)
  * Update and fix chardet import (go-gitea#9351)
  * Ensure LF on checkouts and in editors (go-gitea#9259)
  * Fixed topics margin (go-gitea#9248)
  * Add comment to exported function WindowsServiceName (make revive) (go-gitea#9241)
  * Remove empty lines on issues/pulls page (go-gitea#9232)
  * Fix Add Comment Button's "+" Position (go-gitea#9140)
  * Add first issue comment hashtag (go-gitea#9052)
  * Change some label colors (go-gitea#9051)
  * Fix double scroll in branch dropdown (go-gitea#9048)
  * Add comment highlight when target from url (go-gitea#9047)
  * Update display of reactions to issues and comments (go-gitea#9038)
  * Button tooltip formatting under Branches (go-gitea#9034)
  * Allow setting default branch via API (go-gitea#9030)
  * Update dashboard context for PR reviews (go-gitea#8995)
  * Show repository size in repo home page and settings (go-gitea#8940)
  * Allow to add and remove all repositories to/from team. (go-gitea#8867)
  * Show due date in dashboard issues list (go-gitea#8860)
  * Theme arc-green: reverse heatmap colors (go-gitea#8840)
  * Project files table style update (go-gitea#8757)
  * gitignore debugging file from vscode (go-gitea#8740)
  * Add API for Issue set Subscription (go-gitea#8729)
  * Make 100% width search bar (go-gitea#8710)
  * Update color theme for heatmap (go-gitea#8709)
  * Add margin to title_wip_desc (go-gitea#8705)
  * Improve visibility of "Pending" indicator (go-gitea#8685)
  * Improve accessibility of dropdown menus (go-gitea#8638)
  * Make /users/{username}/repos list private repos the current user has access to (go-gitea#8621)
  * Prevent .code-view from overriding font on icon fonts (go-gitea#8614)
  * Add id references on all issue events to allow internal linking (go-gitea#8608)
  * Upgrade xorm to v0.8.0 (go-gitea#8536)
  * Upgrade gopkg.in/ini.v1 (go-gitea#8500)
  * Update CodeMirror to version 5.49.0 (go-gitea#8381)
  * Wiki editor: enable side-by-side button (go-gitea#7242)
zeripath added a commit that referenced this pull request Apr 29, 2020
In #9888, it was reported that my earlier pull request #9075 didn't quite function as expected. I was quite hopeful the `ValuesWithShadow()` worked as expected (and, I thought my testing showed it did) but I guess not. @zeripath proposed an alternative syntax which I like:

```ini
[markup.sanitizer.1]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
[markup.sanitizer.2]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
```

This was quite easy to adopt into the existing code. I've done so in a semi-backwards-compatible manner:

 - The value from `.Value()` is used for each element.
 - We parse `[markup.sanitizer]` and all `[markup.sanitizer.*]` sections and add them as rules.

This means that existing configs will load one rule (not all rules). It also means people can use string identifiers (`[markup.sanitiser.KaTeX]`) if they prefer, instead of numbered ones.

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
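As an added example (my own Go, not Gitea's code), a toy loader for the section scheme described in this commit message: one rule from `[markup.sanitizer]` and one per `[markup.sanitizer.*]`, plus an `Allowed` check showing why a `REGEXP` should be anchored. The INI reader, `SanitizerRule` and `Allowed` are assumptions for illustration, not Gitea's API.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// SanitizerRule mirrors one [markup.sanitizer] or [markup.sanitizer.*] section: AllowAttr survives on Element only if it matches Regexp.
type SanitizerRule struct {
	Element, AllowAttr string
	Regexp             *regexp.Regexp
}

// ParseSanitizerRules builds one rule from [markup.sanitizer] and one from each [markup.sanitizer.*]
// section. Toy INI reader (an assumption, not the ini library Gitea uses): a repeated key overwrites
// the earlier value, so a legacy single-section config with several ELEMENT lines yields one rule.
func ParseSanitizerRules(cfg string) ([]SanitizerRule, error) {
	names, kvs := []string{}, []map[string]string{} // section names in file order, and their keys
	for _, raw := range strings.Split(cfg, "\n") {
		line := strings.TrimSpace(raw)
		if len(line) > 1 && strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			names, kvs = append(names, line[1:len(line)-1]), append(kvs, map[string]string{})
		} else if kv := strings.SplitN(line, "=", 2); len(kv) == 2 && len(kvs) > 0 && line[0] != ';' && line[0] != '#' {
			kvs[len(kvs)-1][strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	var rules []SanitizerRule
	for i, name := range names {
		if name == "markup.sanitizer" || strings.HasPrefix(name, "markup.sanitizer.") {
			re, err := regexp.Compile(kvs[i]["REGEXP"])
			if err != nil { // a bad pattern must fail at load time, not be silently ignored
				return nil, fmt.Errorf("[%s] REGEXP: %v", name, err)
			}
			rules = append(rules, SanitizerRule{kvs[i]["ELEMENT"], kvs[i]["ALLOW_ATTR"], re})
		}
	}
	return rules, nil
}

// Allowed reports whether attr=value on element is whitelisted by some rule. MatchString is
// unanchored, so REGEXP=math also admits class="math x-evil"; write ^math$ for an exact match.
func Allowed(rules []SanitizerRule, element, attr, value string) bool {
	for _, r := range rules {
		if r.Element == element && r.AllowAttr == attr && r.Regexp.MatchString(value) {
			return true
		}
	}
	return false
}
```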
ydelafollye pushed a commit to ydelafollye/gitea that referenced this pull request Jul 31, 2020
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Development

Successfully merging this pull request may close these issues.

Markdown rendering changes - stripping classes?
7 participants