forgejo/docs/content/doc/advanced
Alexander Scheel ee7df7ba8c Markdown: Sanitizier Configuration (#9075)
* Support custom sanitization policy

Allowing the gitea administrator to configure sanitization policy allows
them to couple external renders and custom templates to support more
markup. In particular, the `pandoc` renderer allows generating KaTeX
annotations, wrapping them in `<span>` elements with class `math` and
either `inline` or `display` (depending on whether or not inline or
block mode was requested).

This iteration gives the administrator whitelisting powers; carefully
crafted regexes will thus let through only the desired attributes
necessary to support their custom markup.

Resolves: #9054

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Document new sanitization configuration

 - Adds basic documentation to app.ini.sample,
 - Adds an example to the Configuration Cheat Sheet, and
 - Adds extended information to External Renderers section.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Drop extraneous length check in newMarkupSanitizer(...)

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Fix plural ELEMENT and ALLOW_ATTR in docs

These were left over from their initial names. Make them singular to
conform with the current expectations.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2019-12-07 14:49:04 -05:00
..
api-usage.en-us.md DOCS: add mention of swagger api reference (#8452) 2019-10-10 08:42:01 -04:00
api-usage.zh-cn.md Adapt documentation to renamed ENABLE_SWAGGER option (#5811) 2019-01-23 20:09:18 +00:00
ci-cd.en-us.md Add buildbot CI (#8378) 2019-10-04 19:30:05 +02:00
config-cheat-sheet.en-us.md Markdown: Sanitizier Configuration (#9075) 2019-12-07 14:49:04 -05:00
config-cheat-sheet.zh-cn.md Only show part of members on orgnization dashboard and add paging for orgnization members page (#9092) 2019-12-06 13:34:54 +08:00
customizing-gitea.en-us.md [Feature] Custom Reactions (#8886) 2019-12-01 17:57:24 -05:00
customizing-gitea.zh-cn.md Fix translation errors in doc advanced part (zh-cn) (#5112) 2018-12-23 18:57:49 +08:00
external-renderers.en-us.md Markdown: Sanitizier Configuration (#9075) 2019-12-07 14:49:04 -05:00
hacking-on-gitea.en-us.md Add Node.js build dep, remove built js/css files (#9114) 2019-12-05 11:41:38 +08:00
hacking-on-gitea.zh-cn.md ZH-CN translation of Advanced part (#5090) 2018-10-17 14:21:20 +03:00
logging-documentation.en-us.md Move serv hook functionality & drop GitLogger (#6993) 2019-06-01 23:00:21 +08:00
mail-templates-us.md Add review comments to mail notifications (#8996) 2019-11-15 12:59:21 +00:00
make.en-us.md General documentation cleanup (#3317) 2018-01-08 23:48:42 +01:00
make.fr-fr.md General documentation cleanup (#3317) 2018-01-08 23:48:42 +01:00
make.zh-cn.md ZH-CN translation of Advanced part (#5090) 2018-10-17 14:21:20 +03:00
migrations.en-us.md Add Close() method to gogitRepository (#8901) 2019-11-13 07:01:19 +00:00
oauth2-provider.md Add oauth2 documentation (#6604) 2019-04-14 10:42:11 +02:00
repo-indexer.en-us.md Restrict repository indexing by glob match (#7767) 2019-09-11 20:26:28 +03:00
signing.en-us.md Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
specific-variables.en-us.md Copyedit docs (#6275) 2019-03-09 16:15:45 -05:00
specific-variables.zh-cn.md ZH-CN translation of Advanced part (#5090) 2018-10-17 14:21:20 +03:00
third-party-tools.en-us.md Update third-party-tools.en-us.md (#8148) 2019-09-11 00:16:11 -04:00
third-party-tools.zh-cn.md Create third-party-tools.zh-cn.md (#6303) 2019-11-08 17:32:30 -05:00