022552d5b6
Backport #26745 Fixes #26548 This PR refactors the rendering of markup links. The old code uses `strings.Replace` to change some urls while the new code uses more context to decide which link should be generated. The added tests should ensure the same output for the old and new behaviour (besides the bug). We may need to refactor the rendering a bit more to make it clear how the different helper methods render the input string. There are lots of options (resolve links / images / mentions / git hashes / emojis / ...) but you don't really know what helper uses which options. For example, we currently support images in the user description which should not be allowed I think: <details> <summary>Profile</summary> https://try.gitea.io/KN4CK3R ![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5) </details>
77 lines
1.8 KiB
Go
77 lines
1.8 KiB
Go
// Copyright 2022 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package repo
|
|
|
|
import (
|
|
"bytes"
|
|
"io"
|
|
"net/http"
|
|
"path"
|
|
|
|
"code.gitea.io/gitea/modules/charset"
|
|
"code.gitea.io/gitea/modules/context"
|
|
"code.gitea.io/gitea/modules/git"
|
|
"code.gitea.io/gitea/modules/markup"
|
|
"code.gitea.io/gitea/modules/typesniffer"
|
|
"code.gitea.io/gitea/modules/util"
|
|
)
|
|
|
|
// RenderFile renders a file by repos path
|
|
func RenderFile(ctx *context.Context) {
|
|
blob, err := ctx.Repo.Commit.GetBlobByPath(ctx.Repo.TreePath)
|
|
if err != nil {
|
|
if git.IsErrNotExist(err) {
|
|
ctx.NotFound("GetBlobByPath", err)
|
|
} else {
|
|
ctx.ServerError("GetBlobByPath", err)
|
|
}
|
|
return
|
|
}
|
|
|
|
dataRc, err := blob.DataAsync()
|
|
if err != nil {
|
|
ctx.ServerError("DataAsync", err)
|
|
return
|
|
}
|
|
defer dataRc.Close()
|
|
|
|
buf := make([]byte, 1024)
|
|
n, _ := util.ReadAtMost(dataRc, buf)
|
|
buf = buf[:n]
|
|
|
|
st := typesniffer.DetectContentType(buf)
|
|
isTextFile := st.IsText()
|
|
|
|
rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
|
|
|
|
if markupType := markup.Type(blob.Name()); markupType == "" {
|
|
if isTextFile {
|
|
_, err = io.Copy(ctx.Resp, rd)
|
|
if err != nil {
|
|
ctx.ServerError("Copy", err)
|
|
}
|
|
return
|
|
}
|
|
ctx.Error(http.StatusInternalServerError, "Unsupported file type render")
|
|
return
|
|
}
|
|
|
|
ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
|
|
err = markup.Render(&markup.RenderContext{
|
|
Ctx: ctx,
|
|
RelativePath: ctx.Repo.TreePath,
|
|
Links: markup.Links{
|
|
Base: ctx.Repo.RepoLink,
|
|
BranchPath: ctx.Repo.BranchNameSubURL(),
|
|
TreePath: path.Dir(ctx.Repo.TreePath),
|
|
},
|
|
Metas: ctx.Repo.Repository.ComposeDocumentMetas(),
|
|
GitRepo: ctx.Repo.GitRepo,
|
|
InStandalonePage: true,
|
|
}, rd, ctx.Resp)
|
|
if err != nil {
|
|
ctx.ServerError("Render", err)
|
|
return
|
|
}
|
|
}
|