1
0
mirror of https://github.com/schollz/cowyo.git synced 2023-08-10 21:13:00 +03:00

Allow insecure markup (for private wikis amongst friends)

This commit is contained in:
Daniel Heath 2018-01-18 20:50:55 +11:00
parent 2f1c0e3cd2
commit 89d58f5a22
2 changed files with 24 additions and 1 deletions

19
main.go
View File

@ -38,7 +38,20 @@ func main() {
} else { } else {
fmt.Printf("\nRunning cowyo server (version %s) at http://%s:%s\n\n", version, host, c.GlobalString("port")) fmt.Printf("\nRunning cowyo server (version %s) at http://%s:%s\n\n", version, host, c.GlobalString("port"))
} }
serve(c.GlobalString("host"), c.GlobalString("port"), c.GlobalString("cert"), c.GlobalString("key"), TLS, c.GlobalString("css"), c.GlobalString("default-page"), c.GlobalString("lock"), c.GlobalInt("debounce"), c.GlobalBool("diary"))
allowInsecureHtml = c.GlobalBool("allow-insecure-markup")
serve(
c.GlobalString("host"),
c.GlobalString("port"),
c.GlobalString("cert"),
c.GlobalString("key"),
TLS,
c.GlobalString("css"),
c.GlobalString("default-page"),
c.GlobalString("lock"),
c.GlobalInt("debounce"),
c.GlobalBool("diary"),
)
return nil return nil
} }
app.Flags = []cli.Flag{ app.Flags = []cli.Flag{
@ -82,6 +95,10 @@ func main() {
Value: "", Value: "",
Usage: "show default-page/read instead of editing (default: show random editing)", Usage: "show default-page/read instead of editing (default: show random editing)",
}, },
cli.BoolFlag{
Name: "allow-insecure-markup",
Usage: "Skip HTML sanitization",
},
cli.StringFlag{ cli.StringFlag{
Name: "lock", Name: "lock",
Value: "", Value: "",

View File

@ -20,6 +20,7 @@ import (
var animals []string var animals []string
var adjectives []string var adjectives []string
var aboutPageText string var aboutPageText string
var allowInsecureHtml bool
var log *lumber.ConsoleLogger var log *lumber.ConsoleLogger
@ -174,6 +175,11 @@ func exists(path string) bool {
func MarkdownToHtml(s string) string { func MarkdownToHtml(s string) string {
unsafe := blackfriday.MarkdownCommon([]byte(s)) unsafe := blackfriday.MarkdownCommon([]byte(s))
if allowInsecureHtml {
return string(unsafe)
}
pClean := bluemonday.UGCPolicy() pClean := bluemonday.UGCPolicy()
pClean.AllowElements("img") pClean.AllowElements("img")
pClean.AllowAttrs("alt").OnElements("img") pClean.AllowAttrs("alt").OnElements("img")