Allow render HTML with css/js external links (#19017)

* Allow render HTML with css/js external links * Fix bug because of filename escape chars * Fix lint * Update docs about new configuration item * Fix bug of render HTML in sub directory * Add CSP head for displaying iframe in rendering file * Fix test * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Some improvements * some improvement * revert change in SanitizerDisabled of external renderer * Add sandbox for iframe and support allow-scripts and allow-same-origin * refactor * fix * fix lint * fine tune * use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts * fine tune CSP * Apply suggestions from code review Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-06-16 11:33:23 +08:00 · 2022-06-16 11:33:23 +08:00 · b01dce2a6e
commit b01dce2a6e
parent 7d1770cd71
17 changed files with 248 additions and 93 deletions
--- a/modules/markup/console/console.go
+++ b/modules/markup/console/console.go
@ -33,9 +33,6 @@ func (Renderer) Name() string {
 	return MarkupName
 }

-// NeedPostProcess implements markup.Renderer
-func (Renderer) NeedPostProcess() bool { return false }
-
 // Extensions implements markup.Renderer
 func (Renderer) Extensions() []string {
 	return []string{".sh-session"}
@ -48,11 +45,6 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	}
 }

-// SanitizerDisabled disabled sanitize if return true
-func (Renderer) SanitizerDisabled() bool {
-	return false
-}
-
 // CanRender implements markup.RendererContentDetector
 func (Renderer) CanRender(filename string, input io.Reader) bool {
 	buf, err := io.ReadAll(input)