Support ignore all santize for external renderer (#18984)

* Support ignore all santize for external renderer * Update docs * Apply suggestions from code review Co-authored-by: silverwind <me@silverwind.io> * Fix doc Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: 6543 <6543@obermui.de>
2022-03-06 16:41:54 +08:00 · 2022-03-06 16:41:54 +08:00 · b24e8d38af
commit b24e8d38af
parent 3e28fa72ce
9 changed files with 84 additions and 19 deletions
--- a/modules/markup/csv/csv.go
+++ b/modules/markup/csv/csv.go
@ -46,6 +46,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	}
 }

+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+	return false
+}
+
 func writeField(w io.Writer, element, class, field string) error {
 	if _, err := io.WriteString(w, "<"); err != nil {
 		return err
--- a/modules/markup/external/external.go
+++ b/modules/markup/external/external.go
@ -54,6 +54,11 @@ func (p *Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	return p.MarkupSanitizerRules
 }

+// SanitizerDisabled disabled sanitize if return true
+func (p *Renderer) SanitizerDisabled() bool {
+	return p.DisableSanitizer
+}
+
 func envMark(envName string) string {
 	if runtime.GOOS == "windows" {
 		return "%" + envName + "%"
--- a/modules/markup/markdown/markdown.go
+++ b/modules/markup/markdown/markdown.go
@ -221,6 +221,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	return []setting.MarkupSanitizerRule{}
 }

+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+	return false
+}
+
 // Render implements markup.Renderer
 func (Renderer) Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error {
 	return render(ctx, input, output)
--- a/modules/markup/orgmode/orgmode.go
+++ b/modules/markup/orgmode/orgmode.go
@ -47,6 +47,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	return []setting.MarkupSanitizerRule{}
 }

+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+	return false
+}
+
 // Render renders orgmode rawbytes to HTML
 func Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error {
 	htmlWriter := org.NewHTMLWriter()
--- a/modules/markup/renderer.go
+++ b/modules/markup/renderer.go
@ -81,6 +81,7 @@ type Renderer interface {
 	Extensions() []string
 	NeedPostProcess() bool
 	SanitizerRules() []setting.MarkupSanitizerRule
+	SanitizerDisabled() bool
 	Render(ctx *RenderContext, input io.Reader, output io.Writer) error
 }

@ -127,6 +128,12 @@ func RenderString(ctx *RenderContext, content string) (string, error) {
 	return buf.String(), nil
 }

+type nopCloser struct {
+	io.Writer
+}
+
+func (nopCloser) Close() error { return nil }
+
 func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Writer) error {
 	var wg sync.WaitGroup
 	var err error
@ -136,18 +143,25 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr
 		_ = pw.Close()
 	}()

-	pr2, pw2 := io.Pipe()
-	defer func() {
-		_ = pr2.Close()
-		_ = pw2.Close()
-	}()
+	var pr2 io.ReadCloser
+	var pw2 io.WriteCloser

-	wg.Add(1)
-	go func() {
-		err = SanitizeReader(pr2, renderer.Name(), output)
-		_ = pr2.Close()
-		wg.Done()
-	}()
+	if !renderer.SanitizerDisabled() {
+		pr2, pw2 = io.Pipe()
+		defer func() {
+			_ = pr2.Close()
+			_ = pw2.Close()
+		}()
+
+		wg.Add(1)
+		go func() {
+			err = SanitizeReader(pr2, renderer.Name(), output)
+			_ = pr2.Close()
+			wg.Done()
+		}()
+	} else {
+		pw2 = nopCloser{output}
+	}

 	wg.Add(1)
 	go func() {
--- a/modules/setting/markup.go
+++ b/modules/setting/markup.go
@ -29,6 +29,7 @@ type MarkupRenderer struct {
 	IsInputFile          bool
 	NeedPostProcess      bool
 	MarkupSanitizerRules []MarkupSanitizerRule
+	DisableSanitizer     bool
 }

 // MarkupSanitizerRule defines the policy for whitelisting attributes on
@ -144,11 +145,12 @@ func newMarkupRenderer(name string, sec *ini.Section) {
 	}

 	ExternalMarkupRenderers = append(ExternalMarkupRenderers, &MarkupRenderer{
-		Enabled:         sec.Key("ENABLED").MustBool(false),
-		MarkupName:      name,
-		FileExtensions:  exts,
-		Command:         command,
-		IsInputFile:     sec.Key("IS_INPUT_FILE").MustBool(false),
-		NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true),
+		Enabled:          sec.Key("ENABLED").MustBool(false),
+		MarkupName:       name,
+		FileExtensions:   exts,
+		Command:          command,
+		IsInputFile:      sec.Key("IS_INPUT_FILE").MustBool(false),
+		NeedPostProcess:  sec.Key("NEED_POSTPROCESS").MustBool(true),
+		DisableSanitizer: sec.Key("DISABLE_SANITIZER").MustBool(false),
 	})
 }