ee7df7ba8c
* Support custom sanitization policy Allowing the gitea administrator to configure sanitization policy allows them to couple external renders and custom templates to support more markup. In particular, the `pandoc` renderer allows generating KaTeX annotations, wrapping them in `<span>` elements with class `math` and either `inline` or `display` (depending on whether or not inline or block mode was requested). This iteration gives the administrator whitelisting powers; carefully crafted regexes will thus let through only the desired attributes necessary to support their custom markup. Resolves: #9054 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Document new sanitization configuration - Adds basic documentation to app.ini.sample, - Adds an example to the Configuration Cheat Sheet, and - Adds extended information to External Renderers section. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Drop extraneous length check in newMarkupSanitizer(...) Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Fix plural ELEMENT and ALLOW_ATTR in docs These were left over from their initial names. Make them singular to conform with the current expectations. Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> |
||
|---|---|---|
| .. | ||
| cache.go | ||
| cors.go | ||
| cron.go | ||
| database.go | ||
| database_sqlite.go | ||
| database_test.go | ||
| git.go | ||
| indexer.go | ||
| indexer_test.go | ||
| log.go | ||
| mailer.go | ||
| markup.go | ||
| migrations.go | ||
| repository.go | ||
| service.go | ||
| session.go | ||
| setting.go | ||
| task.go | ||
| webhook.go | ||