mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-24 19:12:24 +00:00 
			
		
		
		
	[v7.0/forgejo] Don't panic on empty blockquote
- On a empty blockquote the callout feature would panic, as it expects
to always have at least one child.
- This panic cannot result in a DoS, because any panic that happens
while rendering any markdown input will be recovered gracefully.
- Adds a simple condition to avoid this panic.
(cherry picked from commit efd63ec1d8)
	
	
This commit is contained in:
		
					parent
					
						
							
								1f9c3040dc
							
						
					
				
			
			
				commit
				
					
						ff4662be92
					
				
			
		
					 3 changed files with 22 additions and 0 deletions
				
			
		|  | @ -36,6 +36,10 @@ func (g *GitHubCalloutTransformer) Transform(node *ast.Document, reader text.Rea | |||
| 
 | ||||
| 		switch v := n.(type) { | ||||
| 		case *ast.Blockquote: | ||||
| 			if v.ChildCount() == 0 { | ||||
| 				return ast.WalkContinue, nil | ||||
| 			} | ||||
| 
 | ||||
| 			// We only want attention blockquotes when the AST looks like: | ||||
| 			// Text: "[" | ||||
| 			// Text: "!TYPE" | ||||
|  |  | |||
|  | @ -25,6 +25,10 @@ func (g *GitHubLegacyCalloutTransformer) Transform(node *ast.Document, reader te | |||
| 
 | ||||
| 		switch v := n.(type) { | ||||
| 		case *ast.Blockquote: | ||||
| 			if v.ChildCount() == 0 { | ||||
| 				return ast.WalkContinue, nil | ||||
| 			} | ||||
| 
 | ||||
| 			// The first paragraph contains the callout type. | ||||
| 			firstParagraph := v.FirstChild() | ||||
| 			if firstParagraph.ChildCount() < 1 { | ||||
|  |  | |||
|  | @ -1212,3 +1212,17 @@ func TestCustomMarkdownURL(t *testing.T) { | |||
| 	test("[test](abp)", | ||||
| 		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/abp" rel="nofollow">test</a></p>`) | ||||
| } | ||||
| 
 | ||||
| func TestCallout(t *testing.T) { | ||||
| 	setting.AppURL = AppURL | ||||
| 
 | ||||
| 	test := func(input, expected string) { | ||||
| 		buffer, err := markdown.RenderString(&markup.RenderContext{ | ||||
| 			Ctx: git.DefaultContext, | ||||
| 		}, input) | ||||
| 		assert.NoError(t, err) | ||||
| 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer))) | ||||
| 	} | ||||
| 
 | ||||
| 	test(">\n0", "<blockquote>\n</blockquote>\n<p>0</p>") | ||||
| } | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue