Refactor flash message and remove SanitizeHTML template func (#37179)
1. Fix the "flash message" layout problem for different cases * I am sure most users have seen the ugly center-aligned error message with multiple lines. 2. Fix inconsistent "Details" flash message EOL handling, sometimes `\n`, sometimes `<br>` * Now, always use "\n" and use `<pre>` to render 3. Remove SanitizeHTML template func because it is not useful and can be easily abused. * But it is still kept for mail templates, for example: https://github.com/go-gitea/gitea/issues/36049 4. Clarify PostProcessCommitMessage's behavior and add FIXME comment By the way: cleaned up some devtest pages, moved the embedded style block to a CSS file
@@ -231,7 +231,7 @@ func CreateBranch(ctx *context.Context) {
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.editor.push_rejected"),
|
||||
"Summary": ctx.Tr("repo.editor.push_rejected_summary"),
|
||||
"Details": utils.SanitizeFlashErrorString(e.Message),
|
||||
"Details": utils.EscapeFlashErrorString(e.Message),
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("UpdatePullRequest.HTMLString", err)
|
||||
|
||||
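Review bot: The label passed to `ctx.ServerError` in this hunk is `"UpdatePullRequest.HTMLString"`, but the hunk header places the code in CreateBranch, so a render failure here would be attributed to the wrong handler in the server log. The line is context that the commit does not touch. Changing it to `ctx.ServerError("CreateBranch.HTMLString", err)` would keep log triage accurate. CreateBranch's body starts and ends outside the hunk.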
@@ -410,7 +410,8 @@ func Diff(ctx *context.Context) {
|
||||
ctx.Data["NoteCommit"] = note.Commit
|
||||
ctx.Data["NoteAuthor"] = user_model.ValidateCommitWithEmail(ctx, note.Commit)
|
||||
rctx := renderhelper.NewRenderContextRepoComment(ctx, ctx.Repo.Repository, renderhelper.RepoCommentOptions{CurrentRefPath: path.Join("commit", util.PathEscapeSegments(commitID))})
|
||||
ctx.Data["NoteRendered"], err = markup.PostProcessCommitMessage(rctx, template.HTMLEscapeString(string(charset.ToUTF8WithFallback(note.Message, charset.ConvertOpts{}))))
|
||||
htmlMessage := template.HTML(template.HTMLEscapeString(string(charset.ToUTF8WithFallback(note.Message, charset.ConvertOpts{}))))
|
||||
ctx.Data["NoteRendered"], err = markup.PostProcessCommitMessage(rctx, htmlMessage)
|
||||
if err != nil {
|
||||
ctx.ServerError("PostProcessCommitMessage", err)
|
||||
return
|
||||
|
||||
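Review bot: The `template.HTML(...)` conversion on the new `htmlMessage` line is an unchecked cast, and it is safe only because `template.HTMLEscapeString` is applied inside the same expression; nothing on the line records that. Since the call now hands PostProcessCommitMessage a `template.HTML` value, a later edit that drops or moves the escape would still compile and would pass repository-supplied note text through as trusted markup. A comment above the assignment, for example `// note.Message comes from the repository: it must be HTML-escaped before being typed as template.HTML`, would state the invariant. Diff's body continues outside the hunk.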
@@ -27,13 +27,13 @@ func editorHandleFileOperationErrorRender(ctx *context_service.Context, message,
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": message,
|
||||
"Summary": summary,
|
||||
"Details": utils.SanitizeFlashErrorString(details),
|
||||
"Details": utils.EscapeFlashErrorString(details),
|
||||
})
|
||||
if err == nil {
|
||||
ctx.JSONError(flashError)
|
||||
} else {
|
||||
log.Error("RenderToHTML: %v", err)
|
||||
ctx.JSONError(message + "\n" + summary + "\n" + utils.SanitizeFlashErrorString(details))
|
||||
log.Error("RenderToHTML(%q, %q, %q), error: %v", message, summary, details, err)
|
||||
ctx.JSONError("Unable to render error details, see server logs") // it should never happen
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
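Review bot: The new `log.Error` call in the else branch writes `message`, `summary` and `details` to the server log in full, and nothing in this hunk bounds the length or content of `details`. `%q` quotes control characters, so the entry stays on one line, but the text is whatever the failed file operation produced. If it can carry hook output or remote URLs, consider truncating it and passing it through the project's credential-scrubbing helper before logging. No such helper is visible in this hunk, so confirm one exists.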
@@ -170,7 +170,7 @@ func renderErrorOfTemplates(ctx *context.Context, errs map[string]error) templat
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.issues.choose.ignore_invalid_templates"),
|
||||
"Summary": ctx.Tr("repo.issues.choose.invalid_templates", len(errs)),
|
||||
"Details": utils.SanitizeFlashErrorString(strings.Join(lines, "\n")),
|
||||
"Details": utils.EscapeFlashErrorString(strings.Join(lines, "\n")),
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("render flash error: %v", err)
|
||||
|
||||
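Review bot: A failure of `ctx.RenderToHTML` is logged with `log.Debug` here, while the same failure in editorHandleFileOperationErrorRender is logged with `log.Error` and commented as something that should never happen. At a typical production log level this one would probably go unnoticed. `log.Error("render flash error: %v", err)` would make the two paths consistent. What renderErrorOfTemplates returns after the log call is outside the hunk.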
@@ -29,7 +29,6 @@ import (
|
||||
"code.gitea.io/gitea/modules/markup"
|
||||
"code.gitea.io/gitea/modules/markup/markdown"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/templates"
|
||||
"code.gitea.io/gitea/modules/templates/vars"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
"code.gitea.io/gitea/modules/web/middleware"
|
||||
@@ -781,14 +780,14 @@ func prepareIssueViewCommentsAndSidebarParticipants(ctx *context.Context, issue
|
||||
} else if comment.Type == issues_model.CommentTypeAddTimeManual ||
|
||||
comment.Type == issues_model.CommentTypeStopTracking ||
|
||||
comment.Type == issues_model.CommentTypeDeleteTimeManual {
|
||||
// drop error since times could be pruned from DB..
|
||||
// drop error since times could be pruned from DB
|
||||
_ = comment.LoadTime(ctx)
|
||||
if comment.Content != "" {
|
||||
// Content before v1.21 did store the formatted string instead of seconds,
|
||||
// so "|" is used as delimiter to mark the new format
|
||||
if comment.Content[0] != '|' {
|
||||
// handle old time comments that have formatted text stored
|
||||
comment.RenderedContent = templates.SanitizeHTML(comment.Content)
|
||||
comment.RenderedContent = markup.Sanitize(comment.Content)
|
||||
comment.Content = ""
|
||||
} else {
|
||||
// else it's just a duration in seconds to pass on to the frontend
|
||||
|
||||
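Review bot: `markup.Sanitize(comment.Content)` keeps whatever markup the sanitizer policy allows, while the surrounding comments describe the legacy value only as a formatted string stored before v1.21. If that string never contained markup, plain HTML escaping would be the narrower choice for `RenderedContent`. If it did, a one-line comment above the call naming the markup the old format carried would explain why a sanitizer is used here instead of an escape. The else branch continues outside the hunk.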
@@ -1042,7 +1042,7 @@ func UpdatePullRequest(ctx *context.Context) {
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.pulls.merge_conflict"),
|
||||
"Summary": ctx.Tr("repo.pulls.merge_conflict_summary"),
|
||||
"Details": utils.SanitizeFlashErrorString(conflictError.StdErr) + "<br>" + utils.SanitizeFlashErrorString(conflictError.StdOut),
|
||||
"Details": utils.EscapeFlashErrorString(conflictError.StdErr) + "\n" + utils.EscapeFlashErrorString(conflictError.StdOut),
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("UpdatePullRequest.HTMLString", err)
|
||||
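Review bot: The `Details` value is built by the same expression, `utils.EscapeFlashErrorString(conflictError.StdErr) + "\n" + utils.EscapeFlashErrorString(conflictError.StdOut)`, here and in three later hunks (the rebase-conflict branch of UpdatePullRequest and both conflict branches of MergePullRequest). With four copies, the escaping and the separator can drift apart again the way `<br>` and `\n` did. A small helper next to EscapeFlashErrorString could escape each stream and join only the non-empty ones, which keeps the rule in one place and avoids a blank leading or trailing line when one stream is empty. The call would then read `"Details": utils.EscapeFlashErrorStrings(conflictError.StdErr, conflictError.StdOut),` (the helper name is only a suggestion). How tplAlertDetails treats the already-escaped value is not visible here, so the helper's doc comment should say that its result is escaped text for the `<pre>` block and must not be escaped a second time.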
@@ -1054,9 +1054,9 @@ func UpdatePullRequest(ctx *context.Context) {
|
||||
} else if pull_service.IsErrRebaseConflicts(err) {
|
||||
conflictError := err.(pull_service.ErrRebaseConflicts)
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.pulls.rebase_conflict", utils.SanitizeFlashErrorString(conflictError.CommitSHA)),
|
||||
"Message": ctx.Tr("repo.pulls.rebase_conflict", utils.EscapeFlashErrorString(conflictError.CommitSHA)),
|
||||
"Summary": ctx.Tr("repo.pulls.rebase_conflict_summary"),
|
||||
"Details": utils.SanitizeFlashErrorString(conflictError.StdErr) + "<br>" + utils.SanitizeFlashErrorString(conflictError.StdOut),
|
||||
"Details": utils.EscapeFlashErrorString(conflictError.StdErr) + "\n" + utils.EscapeFlashErrorString(conflictError.StdOut),
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("UpdatePullRequest.HTMLString", err)
|
||||
@@ -1191,7 +1191,7 @@ func MergePullRequest(ctx *context.Context) {
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.editor.merge_conflict"),
|
||||
"Summary": ctx.Tr("repo.editor.merge_conflict_summary"),
|
||||
"Details": utils.SanitizeFlashErrorString(conflictError.StdErr) + "<br>" + utils.SanitizeFlashErrorString(conflictError.StdOut),
|
||||
"Details": utils.EscapeFlashErrorString(conflictError.StdErr) + "\n" + utils.EscapeFlashErrorString(conflictError.StdOut),
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("MergePullRequest.HTMLString", err)
|
||||
@@ -1202,9 +1202,9 @@ func MergePullRequest(ctx *context.Context) {
|
||||
} else if pull_service.IsErrRebaseConflicts(err) {
|
||||
conflictError := err.(pull_service.ErrRebaseConflicts)
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.pulls.rebase_conflict", utils.SanitizeFlashErrorString(conflictError.CommitSHA)),
|
||||
"Message": ctx.Tr("repo.pulls.rebase_conflict", utils.EscapeFlashErrorString(conflictError.CommitSHA)),
|
||||
"Summary": ctx.Tr("repo.pulls.rebase_conflict_summary"),
|
||||
"Details": utils.SanitizeFlashErrorString(conflictError.StdErr) + "<br>" + utils.SanitizeFlashErrorString(conflictError.StdOut),
|
||||
"Details": utils.EscapeFlashErrorString(conflictError.StdErr) + "\n" + utils.EscapeFlashErrorString(conflictError.StdOut),
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("MergePullRequest.HTMLString", err)
|
||||
@@ -1234,7 +1234,7 @@ func MergePullRequest(ctx *context.Context) {
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.pulls.push_rejected"),
|
||||
"Summary": ctx.Tr("repo.pulls.push_rejected_summary"),
|
||||
"Details": utils.SanitizeFlashErrorString(pushrejErr.Message),
|
||||
"Details": utils.EscapeFlashErrorString(pushrejErr.Message),
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("MergePullRequest.HTMLString", err)
|
||||
@@ -1454,7 +1454,7 @@ func CompareAndPullRequestPost(ctx *context.Context) {
|
||||
flashError, err := ctx.RenderToHTML(tplAlertDetails, map[string]any{
|
||||
"Message": ctx.Tr("repo.pulls.push_rejected"),
|
||||
"Summary": ctx.Tr("repo.pulls.push_rejected_summary"),
|
||||
"Details": utils.SanitizeFlashErrorString(pushrejErr.Message),
|
||||
"Details": utils.EscapeFlashErrorString(pushrejErr.Message),
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("CompareAndPullRequest.HTMLString", err)
|
||||
|
||||