gitea: [Bug] Markdown

Description

I think that this and the broken feature is called markdown, and if you use it this way as i do under this text it will break, for some reason it don’t here at github 😃

If the link provided not working, just use the code that i used here!

Example

# Status Hover
1 Works Here
2 Broken Here

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 18 (16 by maintainers)

Commits related to this issue

Most upvoted comments

This comes from default bluemonday policy and not goldmark:

https://github.com/go-gitea/gitea/blob/dc822d5291c208bc21fe1312de2a558468e8eebc/vendor/github.com/microcosm-cc/bluemonday/helpers.go#L109-L112

Then enabled for title here:

https://github.com/go-gitea/gitea/blob/dc822d5291c208bc21fe1312de2a558468e8eebc/vendor/github.com/microcosm-cc/bluemonday/helpers.go#L162-L163

If we did want to overide it and allow a closing tag for link titles we could use this in https://github.com/go-gitea/gitea/blob/master/modules/markup/sanitizer.go,

sanitizer.policy.AllowAttrs("title").Matching(regexp.MustCompile(`^[\p{L}\p{N}\s\-_',\[\]!\./\\\(\)\>]*$`)).OnElements("a")

Which in testing would output:

<td>Broken</td>
<td><a href="https://:" title="1 -&gt; 2 -&gt; 3 -&gt; 4 -&gt; 5">How</a></td>

Which seems fine in that example. I believe. You can see it currently doesn’t allow other characters as well (pretty much anything that isn’t a word number and those few punctuations listed)

+1
mrsdizzie on Feb 19, 2020
Read more comments on GitHub
← gitea: [BUG] In 1.15.0, git push activites does not work, webhook on push not work
gitea: [Bug] Merged PRs have their commits and files changed metadata 'zeroed'... sometimes. →