
pico services - prose.sh, pastes.sh, imgs.sh, feeds.sh, pgs.sh
git clone https://github.com/picosh/pico.git

commit
880b572
parent
2980e3e
author
Eric Bower
date
2022-08-04 16:44:41 +0000 UTC
feat(prose): support limited raw html inside markdown

It would be nice to support limited html in our markdown files so users
can further customize their blog posts.

We are using https://github.com/microcosm-cc/bluemonday to handle proper
sanitization.
4 files changed,  +23, -3
M go.mod
M go.sum
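--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -3,8 +3,6 @@ services:
   postgres:
     env_file:
       - .env.example
-    volumes:
-      - ./data/postgres-data:/var/lib/postgresql/data
     ports:
       - "5432:5432"
   lists-web: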
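--- a/go.mod
+++ b/go.mod
@@ -16,6 +16,7 @@ require (
 	github.com/gorilla/feeds v1.1.1
 	github.com/lib/pq v1.10.6
 	github.com/matryer/is v1.4.0
+	github.com/microcosm-cc/bluemonday v1.0.19
 	github.com/muesli/reflow v0.3.0
 	github.com/pkg/sftp v1.13.5
 	github.com/yuin/goldmark v1.4.12
@@ -29,6 +30,7 @@ require (
 require (
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
+	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/caarlos0/sshmarshal v0.1.0 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
@@ -36,6 +38,7 @@ require (
 	github.com/containerd/console v1.0.3 // indirect
 	github.com/dlclark/regexp2 v1.7.0 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/gorilla/css v1.0.0 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
@@ -52,6 +55,7 @@ require (
 	github.com/rivo/uniseg v0.2.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
+	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 // indirect
 	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect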
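--- a/go.sum
+++ b/go.sum
@@ -46,6 +46,8 @@ github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de h1:FxWPpzIjnTlhP
 github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de/go.mod h1:DCaWoUhZrYW9p1lxo/cm8EmUOOzAPSEZNGF2DK1dJgw=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -157,6 +159,8 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
 github.com/gorilla/feeds v1.1.1 h1:HwKXxqzcRNg9to+BbvJog4+f3s/xzvtZXICcQGutYfY=
 github.com/gorilla/feeds v1.1.1/go.mod h1:Nk0jZrvPFZX1OBe5NPiddPw7CfwF6Q9eqzaBbaightA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -197,6 +201,8 @@ github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/microcosm-cc/bluemonday v1.0.19 h1:OI7hoF5FY4pFz2VA//RN8TfM0YJ2dJcl4P4APrCWy6c=
+github.com/microcosm-cc/bluemonday v1.0.19/go.mod h1:QNzV2UbLK2/53oIIwTOyLUSABMkjZ4tqiyC1g/DyqxE=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -371,6 +377,7 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=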
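--- a/prose/parser.go
+++ b/prose/parser.go
@@ -8,11 +8,13 @@ import (
 
 	"github.com/alecthomas/chroma/formatters/html"
 	"github.com/araddon/dateparse"
+	"github.com/microcosm-cc/bluemonday"
 	"github.com/yuin/goldmark"
 	highlighting "github.com/yuin/goldmark-highlighting"
 	meta "github.com/yuin/goldmark-meta"
 	"github.com/yuin/goldmark/extension"
 	"github.com/yuin/goldmark/parser"
+	ghtml "github.com/yuin/goldmark/renderer/html"
 )
 
 type MetaData struct {
@@ -28,6 +30,8 @@ type ParsedText struct {
 	*MetaData
 }
 
+var policy = bluemonday.UGCPolicy()
+
 func toString(obj interface{}) string {
 	if obj == nil {
 		return ""
@@ -111,12 +115,19 @@ func ParseText(text string) (*ParsedText, error) {
 			meta.Meta,
 			hili,
 		),
+		goldmark.WithParserOptions(
+			parser.WithAutoHeadingID(),
+		),
+		goldmark.WithRendererOptions(
+			ghtml.WithUnsafe(),
+		),
 	)
 	context := parser.NewContext()
 	if err := md.Convert([]byte(text), &buf, parser.WithContext(context)); err != nil {
 		return &parsed, err
 	}
-	parsed.Html = buf.String()
+
+	parsed.Html = policy.Sanitize(buf.String())
 	metaData := meta.Get(context)
 	parsed.MetaData.Title = toString(metaData["title"])
 	parsed.MetaData.Description = toString(metaData["description"])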
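Review bot: With `ghtml.WithUnsafe()` enabled, the `policy.Sanitize` call on the `parsed.Html` assignment becomes the only control between user-supplied markdown and script-capable markup, and nothing in the hunk records that coupling or tests it. I would put a comment on the `policy` declaration, for example `// policy sanitizes rendered output; it must stay paired with ghtml.WithUnsafe() in ParseText.`, and add a test in this commit asserting that a `<script>` element and an inline event-handler attribute do not survive `ParseText` (none of the four changed files is a test). It is also worth confirming that highlighted code blocks still render after sanitization: as far as I know `UGCPolicy` does not allow `style` or `class` attributes, so chroma's markup may be stripped depending on how `hili` is configured, which is not visible here. ParseText's body starts and ends outside the hunk.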