@bkcsoft bkcsoft commented Apr 30, 2017

Backport of #1461

- Add code-injection checks
@bkcsoft bkcsoft requested review from appleboy and lunny April 30, 2017 06:26
@appleboy

LGTM

@tboerger tboerger added the lgtm/need 1 label Apr 30, 2017
// Multiple calls to this function will only create one instance of Sanitizer during
// entire application lifecycle.
func NewSanitizer() {
log.Trace("Markdown: sanitizer initialization requested")
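
Review bot: The `log.Trace` call is the first statement in `NewSanitizer`, so the "initialization requested" message is written on every call, while the doc comment above says only one Sanitizer instance is ever created. If the message is meant to record the one-time setup, move it next to the code that actually builds the instance, or drop it so repeated calls stay silent.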

I remember this will break SSH

// Custom URL-Schemes
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)

log.Trace("Markdown: sanitizer initialized")
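
Review bot: On the line under `// Custom URL-Schemes`, `setting.Markdown.CustomURLSchemes` is passed to `AllowURLSchemes` as-is, so every value in the configuration becomes an allowed link scheme in sanitized output. Since this change is about injection checks, validate the list when the setting is loaded (for example, refuse script-capable schemes such as `javascript`), or document that this setting is trusted administrator input.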

Also this line.

@lunny lunny added this to the 1.1.1 milestone Apr 30, 2017
@lunny lunny added the type/bug label Apr 30, 2017

lunny commented Apr 30, 2017

LGTM

@tboerger tboerger added lgtm/done and removed lgtm/need 1 labels Apr 30, 2017
@lunny lunny merged commit 473df53 into release/v1.1 Apr 30, 2017
@bkcsoft bkcsoft deleted the bp-1-1/fix-sanitation branch June 15, 2017 02:41
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020