1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 12:54:53 -05:00

[BUG] Don't panic on empty blockquote

- On a empty blockquote the callout feature would panic, as it expects
to always have at least one child.
- This panic cannot result in a DoS, because any panic that happens
while rendering any markdown input will be recovered gracefully.
- Adds a simple condition to avoid this panic.
This commit is contained in:
Gusted 2024-07-21 01:02:31 +02:00
parent 3beaee62bb
commit efd63ec1d8
No known key found for this signature in database
GPG key ID: FD821B732837125F
3 changed files with 22 additions and 0 deletions

View file

@ -36,6 +36,10 @@ func (g *GitHubCalloutTransformer) Transform(node *ast.Document, reader text.Rea
switch v := n.(type) {
case *ast.Blockquote:
if v.ChildCount() == 0 {
return ast.WalkContinue, nil
}
// We only want attention blockquotes when the AST looks like:
// Text: "["
// Text: "!TYPE"

View file

@ -25,6 +25,10 @@ func (g *GitHubLegacyCalloutTransformer) Transform(node *ast.Document, reader te
switch v := n.(type) {
case *ast.Blockquote:
if v.ChildCount() == 0 {
return ast.WalkContinue, nil
}
// The first paragraph contains the callout type.
firstParagraph := v.FirstChild()
if firstParagraph.ChildCount() < 1 {

View file

@ -1342,3 +1342,17 @@ key: value
</tbody>
</table>`)
}
func TestCallout(t *testing.T) {
setting.AppURL = AppURL
test := func(input, expected string) {
buffer, err := markdown.RenderString(&markup.RenderContext{
Ctx: git.DefaultContext,
}, input)
assert.NoError(t, err)
assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer)))
}
test(">\n0", "<blockquote>\n</blockquote>\n<p>0</p>")
}