{ "uri": "at://did:plc:qfpnj4og54vl56wngdriaxug/sh.tangled.repo.pull/3lom4yfcoma22", "cid": "bafyreicvvbu4pyqduoi3jchq6ugtme3tcb6j5hm3iv2ombgh54spcysmqq", "value": { "$type": "sh.tangled.repo.pull", "patch": "From 3a3da0b37dd8c7674d6d3585cdce276b6fe8e7a2 Mon Sep 17 00:00:00 2001\nFrom: Akshay <nerdy@peppe.rs>\nDate: Wed, 7 May 2025 20:27:22 +0100\nSubject: [PATCH] appview: pages/markup: enable html.Unsafe in renderer\n\nsubsequently, every RenderMarkdown call has been wrapped with\nbluemonday sanitization.\n---\n appview/pages/funcmap.go | 3 ++-\n appview/pages/markup/markdown.go | 2 ++\n appview/pages/pages.go | 2 +-\n 3 files changed, 5 insertions(+), 2 deletions(-)\n\ndiff --git a/appview/pages/funcmap.go b/appview/pages/funcmap.go\nindex 816b083..038e745 100644\n--- a/appview/pages/funcmap.go\n+++ b/appview/pages/funcmap.go\n@@ -13,6 +13,7 @@ import (\n \t\"time\"\n \n \t\"github.com/dustin/go-humanize\"\n+\t\"github.com/microcosm-cc/bluemonday\"\n \t\"tangled.sh/tangled.sh/core/appview/filetree\"\n \t\"tangled.sh/tangled.sh/core/appview/pages/markup\"\n )\n@@ -144,7 +145,7 @@ func funcMap() template.FuncMap {\n \t\t},\n \t\t\"markdown\": func(text string) template.HTML {\n \t\t\trctx := &markup.RenderContext{RendererType: markup.RendererTypeDefault}\n-\t\t\treturn template.HTML(rctx.RenderMarkdown(text))\n+\t\t\treturn template.HTML(bluemonday.UGCPolicy().Sanitize(rctx.RenderMarkdown(text)))\n \t\t},\n \t\t\"isNil\": func(t any) bool {\n \t\t\t// returns false for other \"zero\" values\ndiff --git a/appview/pages/markup/markdown.go b/appview/pages/markup/markdown.go\nindex f684c0b..e41c003 100644\n--- a/appview/pages/markup/markdown.go\n+++ b/appview/pages/markup/markdown.go\n@@ -10,6 +10,7 @@ import (\n \t\"github.com/yuin/goldmark/ast\"\n \t\"github.com/yuin/goldmark/extension\"\n \t\"github.com/yuin/goldmark/parser\"\n+\t\"github.com/yuin/goldmark/renderer/html\"\n \t\"github.com/yuin/goldmark/text\"\n \t\"github.com/yuin/goldmark/util\"\n 
\t\"tangled.sh/tangled.sh/core/appview/pages/repoinfo\"\n@@ -41,6 +42,7 @@ func (rctx *RenderContext) RenderMarkdown(source string) string {\n \t\tgoldmark.WithParserOptions(\n \t\t\tparser.WithAutoHeadingID(),\n \t\t),\n+\t\tgoldmark.WithRendererOptions(html.WithUnsafe()),\n \t)\n \n \tif rctx != nil {\ndiff --git a/appview/pages/pages.go b/appview/pages/pages.go\nindex a9738f2..b18daea 100644\n--- a/appview/pages/pages.go\n+++ b/appview/pages/pages.go\n@@ -549,7 +549,7 @@ func (p *Pages) RepoBlob(w io.Writer, params RepoBlobParams) error {\n \t\tcase markup.FormatMarkdown:\n \t\t\tp.rctx.RepoInfo = params.RepoInfo\n \t\t\tp.rctx.RendererType = markup.RendererTypeRepoMarkdown\n-\t\t\tparams.RenderedContents = template.HTML(p.rctx.RenderMarkdown(params.Contents))\n+\t\t\tparams.RenderedContents = template.HTML(bluemonday.UGCPolicy().Sanitize(p.rctx.RenderMarkdown(params.Contents)))\n \t\t}\n \t}\n \n-- \n2.43.0\n\n", "title": "appview: pages/markup: enable html.Unsafe in renderer", "pullId": 85, "source": { "branch": "enable-html" }, "createdAt": "", "targetRepo": "at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.repo/3liuighjy2h22", "targetBranch": "master" } }
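Review bot: With `html.WithUnsafe()` added to the renderer options, RenderMarkdown returns raw HTML taken from the markdown source, so the per-caller bluemonday call is the only barrier before the `template.HTML` casts, which html/template does not escape. The commit message says every call is wrapped, but only two call sites are visible in this patch (the `markdown` template func in funcmap.go and RepoBlob in pages.go), and a future caller can still use the return value directly. Consider sanitizing inside RenderMarkdown before it returns so that it is safe by default. If the raw output must stay available, document the contract on the function instead, e.g. `// RenderMarkdown returns unsanitized HTML (html.WithUnsafe is enabled); callers must sanitize the result before casting it to template.HTML.` The body of RenderMarkdown continues outside the hunk, so whether later processing there would interfere with sanitizing in place cannot be judged from here.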
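Review bot: RepoBlob calls `bluemonday.UGCPolicy()` here, but unlike funcmap.go the diff for pages.go adds no import of `github.com/microcosm-cc/bluemonday` (the diffstat shows a single changed line), so unless the file already imports it the package will not build. The policy is also constructed on every render, both here and in the `markdown` func in funcmap.go. A single package-level `var ugcPolicy = bluemonday.UGCPolicy()` used as `ugcPolicy.Sanitize(...)` at both sites avoids the repeated construction and keeps the two call sites from drifting to different policies. RepoBlob starts and ends outside the hunk.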