0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-27 09:54:15 -05:00
forgejo/routers/web
Lunny Xiao b01dce2a6e
Allow render HTML with css/js external links (#19017)
* Allow render HTML with css/js external links

* Fix bug because of filename escape chars

* Fix lint

* Update docs about new configuration item

* Fix bug of render HTML in sub directory

* Add CSP head for displaying iframe in rendering file

* Fix test

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Some improvements

* some improvement

* revert change in SanitizerDisabled of external renderer

* Add sandbox for iframe and support allow-scripts and allow-same-origin

* refactor

* fix

* fix lint

* fine tune

* use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts

* fine tune CSP

* Apply suggestions from code review

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-06-16 11:33:23 +08:00
..
admin Refactor git module, make Gitea use internal git config (#19732) 2022-06-10 09:57:49 +08:00
auth Adding button to link accounts from user settings (#19792) 2022-05-29 02:03:17 +02:00
dev Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
events Improve Stopwatch behavior (#18930) 2022-04-25 22:45:22 +02:00
explore In code search, get code unit accessible repos in one (main) query (#19764) 2022-06-16 02:24:10 +03:00
feed Add ContextUser to http request context (#18798) 2022-03-26 17:04:22 +08:00
healthcheck Update go-chi/cache to utilize Ping() (#19719) 2022-05-15 20:43:27 +02:00
misc Fix panic in team repos API (#19431) 2022-04-20 18:43:26 +08:00
org Move issues related files into models/issues (#19931) 2022-06-13 17:37:59 +08:00
repo Allow render HTML with css/js external links (#19017) 2022-06-16 11:33:23 +08:00
user Remove tab/TabName usage where it's not needed (#19973) 2022-06-15 23:05:32 +08:00
auth.go Remove legacy +build: constraint (#19582) 2022-05-02 23:22:45 +08:00
auth_windows.go Let web and API routes have different auth methods group (#19168) 2022-03-28 12:46:28 +08:00
base.go Update base.go (#19739) 2022-05-19 11:20:34 -04:00
goget.go Refactor legacy unknwon/com package, improve golangci lint (#19284) 2022-04-01 16:47:50 +08:00
home.go Renamed ctx.User to ctx.Doer. (#19161) 2022-03-22 15:03:22 +08:00
metrics.go Update HTTP status codes to modern codes (#18063) 2022-03-23 12:54:07 +08:00
nodeinfo.go Add nodeinfo endpoint for federation purposes (#16953) 2021-09-28 01:38:06 +02:00
swagger_json.go
web.go Allow render HTML with css/js external links (#19017) 2022-06-16 11:33:23 +08:00
webfinger.go Move almost all functions' parameter db.Engine to context.Context (#19748) 2022-05-20 22:08:52 +08:00