Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Render code blocks in repo description #26830

Merged
merged 5 commits into from
Aug 31, 2023
Merged

Render code blocks in repo description #26830

merged 5 commits into from
Aug 31, 2023

Conversation

silverwind
Copy link
Member

@silverwind silverwind commented Aug 30, 2023
edited
Loading

Backtick syntax now works in repo description too. Also, I replaced the CSS for this was a new single class, making it more flexible and not dependent on a parent. Also, very slightly reduced font size from 16.8px to 16px.

Screenshot 2023-08-31 at 00 47 52

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 30, 2023
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Aug 30, 2023
@silverwind silverwind added the type/enhancement An improvement of existing functionality label Aug 30, 2023
@pull-request-size pull-request-size bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 30, 2023
delvh
delvh reviewed Aug 30, 2023
View reviewed changes
templates/repo/home.tmpl
@@ -8,7 +8,7 @@
<div class="ui repo-description">
<div id="repo-desc">
{{$description := .Repository.DescriptionHTML $.Context}}
{{if $description}}<span class="description">{{$description}}</span>{{else if .IsRepositoryAdmin}}<span class="no-description text-italic">{{.locale.Tr "repo.no_desc"}}</span>{{end}}
{{if $description}}<span class="description">{{$description | RenderCodeBlock}}</span>{{else if .IsRepositoryAdmin}}<span class="no-description text-italic">{{.locale.Tr "repo.no_desc"}}</span>{{end}}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Surprising that that passes the validation…
I would expect that to escape the HTML tags as it is (obviously) unsafe…

Copy link
Member Author

@silverwind silverwind Aug 30, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right, it's possible to inject HTML here, wonder if that was the case before. Any suggestions how to fix?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can confirm HTML injection was possible before. It's sanitized but imho we should remove this.

Copy link
Member Author

@silverwind silverwind Aug 31, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could also be that this injection is somewhat intentional if the title is rendered like other markdown. Question is really if we want this thought as it allows the user to break page layout in the repo title, which imho is to be avoided.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Aug 30, 2023
wxiaoguang
wxiaoguang reviewed Aug 31, 2023
View reviewed changes
web_src/css/repo.css Outdated Show resolved Hide resolved
@silverwind
Copy link
Member Author

I guess we can merge this now and defer the discussion about HTML rendering in repo description to later, to not expand the scope of this change.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Aug 31, 2023
@wxiaoguang wxiaoguang enabled auto-merge (squash) August 31, 2023 04:29
@wxiaoguang wxiaoguang added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Aug 31, 2023
@wxiaoguang wxiaoguang merged commit 3d10986 into go-gitea:main Aug 31, 2023
23 checks passed
@GiteaBot GiteaBot added this to the 1.21.0 milestone Aug 31, 2023
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Aug 31, 2023
@silverwind silverwind deleted the inline-code-block branch August 31, 2023 08:35
@silverwind silverwind mentioned this pull request Aug 31, 2023
Merged
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 1, 2023
@zjjhot
Merge remote-tracking branch 'giteaoffical/main'
92a4a33 
* giteaoffical/main: (22 commits)
  Use case-insensitive regex for all webpack assets (go-gitea#26867)
  restrict certificate type for builtin SSH server (go-gitea#26789)
  feat(API): add secret deletion functionality for repository (go-gitea#26808)
  Avoid double-unescaping of form value (go-gitea#26853)
  Move web/api context related testing function into a separate package (go-gitea#26859)
  Remove some unused CSS styles (go-gitea#26852)
  [skip ci] Updated translations via Crowdin
  Minor dashboard tweaks, fix flex-list margins (go-gitea#26829)
  Update team invitation email link (go-gitea#26550)
  Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (go-gitea#26813)
  Remove "TODO" tasks from CSS file (go-gitea#26835)
  User details page (go-gitea#26713)
  Render code blocks in repo description (go-gitea#26830)
  Remove joinPaths function (go-gitea#26833)
  Remove polluted `.ui.right` (go-gitea#26825)
  Sync tags when adopting repos (go-gitea#26816)
  rm comment about hugo (go-gitea#26832)
  Fix filename for .spectral.yaml (go-gitea#26828)
  [skip ci] Updated translations via Crowdin
  Check blocklist for emails when adding them to account (go-gitea#26812)
  ...
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Nov 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@delvh delvh delvh approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
1.21.0
Development

Successfully merging this pull request may close these issues.
4 participants
@silverwind @wxiaoguang @delvh @GiteaBot