mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-15 11:30:49 +00:00
b01dce2a6e
* Allow render HTML with css/js external links * Fix bug because of filename escape chars * Fix lint * Update docs about new configuration item * Fix bug of render HTML in sub directory * Add CSP head for displaying iframe in rendering file * Fix test * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Some improvements * some improvement * revert change in SanitizerDisabled of external renderer * Add sandbox for iframe and support allow-scripts and allow-same-origin * refactor * fix * fix lint * fine tune * use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts * fine tune CSP * Apply suggestions from code review Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
80 lines
2 KiB
Go
80 lines
2 KiB
Go
// Copyright 2022 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package repo
|
|
|
|
import (
|
|
"bytes"
|
|
"io"
|
|
"net/http"
|
|
"path"
|
|
|
|
"code.gitea.io/gitea/modules/charset"
|
|
"code.gitea.io/gitea/modules/context"
|
|
"code.gitea.io/gitea/modules/git"
|
|
"code.gitea.io/gitea/modules/markup"
|
|
"code.gitea.io/gitea/modules/typesniffer"
|
|
"code.gitea.io/gitea/modules/util"
|
|
)
|
|
|
|
// RenderFile renders a file by repos path
|
|
func RenderFile(ctx *context.Context) {
|
|
blob, err := ctx.Repo.Commit.GetBlobByPath(ctx.Repo.TreePath)
|
|
if err != nil {
|
|
if git.IsErrNotExist(err) {
|
|
ctx.NotFound("GetBlobByPath", err)
|
|
} else {
|
|
ctx.ServerError("GetBlobByPath", err)
|
|
}
|
|
return
|
|
}
|
|
|
|
dataRc, err := blob.DataAsync()
|
|
if err != nil {
|
|
ctx.ServerError("DataAsync", err)
|
|
return
|
|
}
|
|
defer dataRc.Close()
|
|
|
|
buf := make([]byte, 1024)
|
|
n, _ := util.ReadAtMost(dataRc, buf)
|
|
buf = buf[:n]
|
|
|
|
st := typesniffer.DetectContentType(buf)
|
|
isTextFile := st.IsText()
|
|
|
|
rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
|
|
|
|
if markupType := markup.Type(blob.Name()); markupType == "" {
|
|
if isTextFile {
|
|
_, err = io.Copy(ctx.Resp, rd)
|
|
if err != nil {
|
|
ctx.ServerError("Copy", err)
|
|
}
|
|
return
|
|
}
|
|
ctx.Error(http.StatusInternalServerError, "Unsupported file type render")
|
|
return
|
|
}
|
|
|
|
treeLink := ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
|
|
if ctx.Repo.TreePath != "" {
|
|
treeLink += "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
|
|
}
|
|
|
|
ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
|
|
err = markup.Render(&markup.RenderContext{
|
|
Ctx: ctx,
|
|
RelativePath: ctx.Repo.TreePath,
|
|
URLPrefix: path.Dir(treeLink),
|
|
Metas: ctx.Repo.Repository.ComposeDocumentMetas(),
|
|
GitRepo: ctx.Repo.GitRepo,
|
|
InStandalonePage: true,
|
|
}, rd, ctx.Resp)
|
|
if err != nil {
|
|
ctx.ServerError("Render", err)
|
|
return
|
|
}
|
|
}
|