Allow render HTML with css/js external links (#19017)

* Allow render HTML with css/js external links * Fix bug because of filename escape chars * Fix lint * Update docs about new configuration item * Fix bug of render HTML in sub directory * Add CSP head for displaying iframe in rendering file * Fix test * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Some improvements * some improvement * revert change in SanitizerDisabled of external renderer * Add sandbox for iframe and support allow-scripts and allow-same-origin * refactor * fix * fix lint * fine tune * use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts * fine tune CSP * Apply suggestions from code review Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-11-04 08:30:25 +08:00 · 2022-06-16 11:33:23 +08:00
parent 7d1770cd71
commit b01dce2a6e
17 changed files with 248 additions and 93 deletions
--- a/modules/setting/markup.go
+++ b/modules/setting/markup.go
@@ -20,6 +20,12 @@ var (
 	MermaidMaxSourceCharacters int
 )

+const (
+	RenderContentModeSanitized   = "sanitized"
+	RenderContentModeNoSanitizer = "no-sanitizer"
+	RenderContentModeIframe      = "iframe"
+)
+
 // MarkupRenderer defines the external parser configured in ini
 type MarkupRenderer struct {
 	Enabled              bool
@@ -29,7 +35,7 @@ type MarkupRenderer struct {
 	IsInputFile          bool
 	NeedPostProcess      bool
 	MarkupSanitizerRules []MarkupSanitizerRule
-	DisableSanitizer     bool
+	RenderContentMode    string
 }

 // MarkupSanitizerRule defines the policy for whitelisting attributes on
@@ -144,13 +150,28 @@ func newMarkupRenderer(name string, sec *ini.Section) {
 		return
 	}

+	if sec.HasKey("DISABLE_SANITIZER") {
+		log.Error("Deprecated setting `[markup.*]` `DISABLE_SANITIZER` present. This fallback will be removed in v1.18.0")
+	}
+
+	renderContentMode := sec.Key("RENDER_CONTENT_MODE").MustString(RenderContentModeSanitized)
+	if !sec.HasKey("RENDER_CONTENT_MODE") && sec.Key("DISABLE_SANITIZER").MustBool(false) {
+		renderContentMode = RenderContentModeNoSanitizer // if only the legacy DISABLE_SANITIZER exists, use it
+	}
+	if renderContentMode != RenderContentModeSanitized &&
+		renderContentMode != RenderContentModeNoSanitizer &&
+		renderContentMode != RenderContentModeIframe {
+		log.Error("invalid RENDER_CONTENT_MODE: %q, default to %q", renderContentMode, RenderContentModeSanitized)
+		renderContentMode = RenderContentModeSanitized
+	}
+
 	ExternalMarkupRenderers = append(ExternalMarkupRenderers, &MarkupRenderer{
-		Enabled:          sec.Key("ENABLED").MustBool(false),
-		MarkupName:       name,
-		FileExtensions:   exts,
-		Command:          command,
-		IsInputFile:      sec.Key("IS_INPUT_FILE").MustBool(false),
-		NeedPostProcess:  sec.Key("NEED_POSTPROCESS").MustBool(true),
-		DisableSanitizer: sec.Key("DISABLE_SANITIZER").MustBool(false),
+		Enabled:           sec.Key("ENABLED").MustBool(false),
+		MarkupName:        name,
+		FileExtensions:    exts,
+		Command:           command,
+		IsInputFile:       sec.Key("IS_INPUT_FILE").MustBool(false),
+		NeedPostProcess:   sec.Key("NEED_POSTPROCESS").MustBool(true),
+		RenderContentMode: renderContentMode,
 	})
 }