domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Allow to specify colors for text in markup (#20363)

Browse source 
`<span style="color: red">Hello World!</span>` will now be accepted by
Bluemonday, other properties are still disallowed by Bluemonday.
This commit is contained in:
Gusted 2022-07-15 06:38:10 +00:00 committed by GitHub
parent 4ddae2c1b5
commit edd945bca3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/markup/sanitizer.go
View file

@ -85,6 +85,12 @@ func createDefaultPolicy() *bluemonday.Policy {
// Allow icons, emojis, chroma syntax and keyword markup on span
policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span")
// Allow 'style' attribute on text elements.
policy.AllowAttrs("style").OnElements("span", "p")
// Allow 'color' property for the style attribute on text elements.
policy.AllowStyles("color").OnElements("span", "p")
// Allow generally safe attributes
generalSafeAttrs := []string{
"abbr", "accept", "accept-charset",