Add support for glue to permit some block HTML in Markdown Allow a RootedDocServlet created by an integration application to override the way MarkdownToHtml handles HtmlBlock AST nodes, casting them into SafeHtml that can be appended directly to the HtmlBuilder. This can allow an integrator to pass the user content through an HTML sanitizer, and pass through a subset it believes to be safe. The default still drops everything on the floor, and it's not possible to configure Gitiles to pass through HTML by default. Application code changes are required to invoke the proper RootedDocServlet constructor. Change-Id: Id412bc8670d2c25f36c8486e0d3600d1cb9d0710
diff --git a/gitiles-dev/BUILD b/gitiles-dev/BUILD
index e58623d..2552321 100644
--- a/gitiles-dev/BUILD
+++ b/gitiles-dev/BUILD
@@ -5,6 +5,7 @@
 deps = [
 "//gitiles-servlet:servlet",
 "//lib:guava",
+ "//lib:html-types",
 "//lib:servlet-api_3_0",
 "//lib/jetty:server",
 "//lib/jetty:servlet",
diff --git a/gitiles-dev/src/main/java/com/google/gitiles/dev/DevServer.java b/gitiles-dev/src/main/java/com/google/gitiles/dev/DevServer.java
index 35a594f..000b0cb 100644
--- a/gitiles-dev/src/main/java/com/google/gitiles/dev/DevServer.java
+++ b/gitiles-dev/src/main/java/com/google/gitiles/dev/DevServer.java
@@ -18,12 +18,14 @@
 import static com.google.gitiles.GitilesServlet.STATIC_PREFIX;
 import com.google.common.base.Strings;
+import com.google.common.html.types.UncheckedConversions;
 import com.google.gitiles.DebugRenderer;
 import com.google.gitiles.GitilesAccess;
 import com.google.gitiles.GitilesServlet;
 import com.google.gitiles.PathServlet;
 import com.google.gitiles.RepositoryDescription;
 import com.google.gitiles.RootedDocServlet;
+import com.google.gitiles.doc.HtmlSanitizer;
 import java.io.File;
 import java.io.IOException;
 import java.net.InetAddress;
@@ -176,7 +178,17 @@
 }
 };
- return new RootedDocServlet(resolver, new RootedDocAccess(docRepo), renderer);
+ HtmlSanitizer.Factory htmlSanitizer = HtmlSanitizer.DISABLED_FACTORY;
+ if (cfg.getBoolean("markdown", "unsafeAllowUserContentHtmlInDevMode", false)) {
+ log.warn("!!! Allowing unsafe user content HTML in Markdown !!!");
+ htmlSanitizer =
+ request ->
+ rawUnsafeHtml ->
+ // Yes, this is evil. It's not known the input was safe.
+ // I'm a development server to test Gitiles, not a cop.
+ UncheckedConversions.safeHtmlFromStringKnownToSatisfyTypeContract(rawUnsafeHtml);
+ }
+ return new RootedDocServlet(resolver, new RootedDocAccess(docRepo), renderer, htmlSanitizer);
 }
 private class RootedDocAccess implements GitilesAccess.Factory {
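Review bot: The comment on the lambda in the second hunk ("Yes, this is evil ... not a cop") does not tell a reader what the bypass actually does or which setting enables it, which matters because `safeHtmlFromStringKnownToSatisfyTypeContract` discards the SafeHtml type contract for every HtmlBlock on every doc page once the flag is set. I would replace those two comment lines with `// Deliberately bypasses the SafeHtml type contract: user-supplied HTML is emitted verbatim,` / `// so any script in a doc page runs in the browser of whoever views it. Dev-only, reachable` / `// solely behind markdown.unsafeAllowUserContentHtmlInDevMode; never copy into a real config.`. The warning should also name the key so it can be found and turned off, e.g. `log.warn("markdown.unsafeAllowUserContentHtmlInDevMode is set; user content HTML in Markdown is passed through unsanitized");`. The `request` parameter of the factory lambda is unused, so the pass-through is global rather than per request; that seems intentional for a dev server but is worth stating in the comment. The method this hunk ends starts outside the hunk, and `cfg` and `log` are presumably existing DevServer members.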