	Refactor HTMLFormat, update chroma render, fix js error (#33136)
A small refactor to improve HTMLFormat and help prevent low-level mistakes. Also fixes #33141 and #33139.
		| @@ -38,7 +38,7 @@ func NewFuncMap() template.FuncMap { | ||||
| 		"Iif":          iif, | ||||
| 		"Eval":         evalTokens, | ||||
| 		"SafeHTML":     safeHTML, | ||||
| 		"HTMLFormat":   htmlutil.HTMLFormat, | ||||
| 		"HTMLFormat":   htmlFormat, | ||||
| 		"HTMLEscape":   htmlEscape, | ||||
| 		"QueryEscape":  queryEscape, | ||||
| 		"QueryBuild":   QueryBuild, | ||||
| @@ -207,6 +207,20 @@ func htmlEscape(s any) template.HTML { | ||||
| 	panic(fmt.Sprintf("unexpected type %T", s)) | ||||
| } | ||||
|  | ||||
| func htmlFormat(s any, args ...any) template.HTML { | ||||
| 	if len(args) == 0 { | ||||
| 		// to prevent developers from calling "HTMLFormat $userInput" by mistake which will lead to XSS | ||||
| 		panic("missing arguments for HTMLFormat") | ||||
| 	} | ||||
| 	switch v := s.(type) { | ||||
| 	case string: | ||||
| 		return htmlutil.HTMLFormat(template.HTML(v), args...) | ||||
| 	case template.HTML: | ||||
| 		return htmlutil.HTMLFormat(v, args...) | ||||
| 	} | ||||
| 	panic(fmt.Sprintf("unexpected type %T", s)) | ||||
| } | ||||
|  | ||||
| func jsEscapeSafe(s string) template.HTML { | ||||
| 	return template.HTML(template.JSEscapeString(s)) | ||||
| } | ||||
|   | ||||
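Review bot: The `len(args) == 0` guard in `htmlFormat` only catches the bare `HTMLFormat $userInput` form. In the `case string:` branch the format is still converted with `template.HTML(v)` without escaping, so a non-constant format string passed together with any argument gets past the check. The function also has no doc comment stating that contract; I would add `// htmlFormat formats a trusted format string for templates; s is emitted as HTML without escaping and must never come from user input.` above it. Escaping of `args` presumably happens inside `htmlutil.HTMLFormat`, which is not visible on this page, so that part should be confirmed against its own tests.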