mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-13 15:59:33 -05:00
[v8.0/forgejo] Don't panic on empty blockquote
- Backport #4602
- On a empty blockquote the callout feature would panic, as it expects
to always have at least one child.
- This panic cannot result in a DoS, because any panic that happens
while rendering any markdown input will be recovered gracefully.
- Adds a simple condition to avoid this panic.
(cherry picked from commit efd63ec1d8
)
This commit is contained in:
parent
75808d5ba9
commit
bb9dcec39c
3 changed files with 22 additions and 0 deletions
modules/markup/markdown
|
@ -36,6 +36,10 @@ func (g *GitHubCalloutTransformer) Transform(node *ast.Document, reader text.Rea
|
|||
|
||||
switch v := n.(type) {
|
||||
case *ast.Blockquote:
|
||||
if v.ChildCount() == 0 {
|
||||
return ast.WalkContinue, nil
|
||||
}
|
||||
|
||||
// We only want attention blockquotes when the AST looks like:
|
||||
// Text: "["
|
||||
// Text: "!TYPE"
|
||||
|
|
|
@ -25,6 +25,10 @@ func (g *GitHubLegacyCalloutTransformer) Transform(node *ast.Document, reader te
|
|||
|
||||
switch v := n.(type) {
|
||||
case *ast.Blockquote:
|
||||
if v.ChildCount() == 0 {
|
||||
return ast.WalkContinue, nil
|
||||
}
|
||||
|
||||
// The first paragraph contains the callout type.
|
||||
firstParagraph := v.FirstChild()
|
||||
if firstParagraph.ChildCount() < 1 {
|
||||
|
|
|
@ -1210,3 +1210,17 @@ func TestCustomMarkdownURL(t *testing.T) {
|
|||
test("[test](abp)",
|
||||
`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/abp" rel="nofollow">test</a></p>`)
|
||||
}
|
||||
|
||||
func TestCallout(t *testing.T) {
|
||||
setting.AppURL = AppURL
|
||||
|
||||
test := func(input, expected string) {
|
||||
buffer, err := markdown.RenderString(&markup.RenderContext{
|
||||
Ctx: git.DefaultContext,
|
||||
}, input)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer)))
|
||||
}
|
||||
|
||||
test(">\n0", "<blockquote>\n</blockquote>\n<p>0</p>")
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue