From 3a00e785ea465fa2e847ba02082de895cb7212e8 Mon Sep 17 00:00:00 2001 From: "Gerasimos (Makis) Maropoulos" Date: Mon, 20 Mar 2023 18:16:35 +0200 Subject: [PATCH] fix #2098 --- HISTORY.md | 2 ++ NOTICE | 8 ++++---- context/context.go | 19 +++++++++++++++---- go.mod | 7 ++++--- go.sum | 12 ++++++------ mvc/controller.go | 25 ++++++++++++++++++++++++- mvc/mvc.go | 3 ++- 7 files changed, 57 insertions(+), 19 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index f8d75312..a5208b96 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -23,6 +23,8 @@ Developers are not forced to upgrade if they don't really need it. Upgrade whene Change applies to `master` branch. +- Replace [russross/blackfriday](github.com/russross/blackfriday/v2) with [gomarkdown](https://github.com/gomarkdown/markdown) as requested at [#2098](https://github.com/kataras/iris/issues/2098). + - Add `mvc.IgnoreEmbedded` option to handle [#2103](https://github.com/kataras/iris/issues/2103). Example Code: ```go diff --git a/NOTICE b/NOTICE index 44bfc0ff..9815d87a 100644 --- a/NOTICE +++ b/NOTICE @@ -19,10 +19,10 @@ Revision ID: 5fc50a00491616d5cd0cbce3abd8b699838e25ca 4e134eadfa bbolt a8af23b57f672fe https://github.com/etcd-io/bbolt f05637de531bba5 - aa00013364 - blackfriday d3b5b032dc8e892 https://github.com/russross/blackfriday - 7d31a5071b56e14 - c89f045135 + aa00013364 + markdown 2ced44d5b58482a https://github.com/gomarkdown/markdown + 9b77d1abad4c3d3 + 4b190880fe bluemonday 0a75d7616912ab9 https://github.com/microcosm-cc/bluemonday beb9cc6f7283ec1 917c61b135 diff --git a/context/context.go b/context/context.go index 62456503..7492e008 100644 --- a/context/context.go +++ b/context/context.go @@ -30,11 +30,12 @@ import ( "github.com/Shopify/goreferrer" "github.com/fatih/structs" + "github.com/gomarkdown/markdown" + "github.com/gomarkdown/markdown/html" "github.com/iris-contrib/schema" "github.com/mailru/easyjson" "github.com/mailru/easyjson/jwriter" "github.com/microcosm-cc/bluemonday" - "github.com/russross/blackfriday/v2" "github.com/vmihailenco/msgpack/v5" "golang.org/x/net/publicsuffix" "golang.org/x/time/rate" @@ -4033,6 +4034,10 @@ type Markdown struct { // content-specific Sanitize bool OmitErrorHandler bool // See JSON.OmitErrorHandler. + // + // Library-specific. + // E.g. Flags: html.CommonFlags | html.HrefTargetBlank + RenderOptions html.RendererOptions } var ( @@ -4460,14 +4465,20 @@ func (ctx *Context) Problem(v interface{}, opts ...ProblemOptions) error { return ctx.writeJSON(v, &options.JSON) } +var sanitizer = bluemonday.UGCPolicy() + // WriteMarkdown parses the markdown to html and writes these contents to the writer. var WriteMarkdown = func(ctx *Context, markdownB []byte, options *Markdown) error { - buf := blackfriday.Run(markdownB) + out := markdown.NormalizeNewlines(markdownB) + + renderer := html.NewRenderer(options.RenderOptions) + doc := markdown.Parse(out, nil) + out = markdown.Render(doc, renderer) if options.Sanitize { - buf = bluemonday.UGCPolicy().SanitizeBytes(buf) + out = sanitizer.SanitizeBytes(out) } - _, err := ctx.Write(buf) + _, err := ctx.Write(out) return err } diff --git a/go.mod b/go.mod index b279310a..57a7e283 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/fatih/structs v1.1.0 github.com/flosch/pongo2/v4 v4.0.2 github.com/golang/snappy v0.0.4 + github.com/gomarkdown/markdown v0.0.0-20230313173142-2ced44d5b584 github.com/google/uuid v1.3.0 github.com/gorilla/securecookie v1.1.1 github.com/iris-contrib/httpexpect/v2 v2.12.1 @@ -32,7 +33,6 @@ require ( github.com/mailru/easyjson v0.7.7 github.com/microcosm-cc/bluemonday v1.0.23 github.com/redis/go-redis/v9 v9.0.2 - github.com/russross/blackfriday/v2 v2.1.0 github.com/schollz/closestmatch v2.1.0+incompatible github.com/shirou/gopsutil/v3 v3.23.2 github.com/tdewolff/minify/v2 v2.12.5 @@ -78,14 +78,15 @@ require ( github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/nats-io/jwt/v2 v2.3.0 // indirect + github.com/nats-io/jwt/v2 v2.4.0 // indirect github.com/nats-io/nats.go v1.23.0 // indirect - github.com/nats-io/nkeys v0.3.0 // indirect + github.com/nats-io/nkeys v0.4.4 // indirect github.com/nats-io/nuid v1.0.1 // indirect github.com/nxadm/tail v1.4.8 // indirect github.com/pkg/errors v0.8.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sanity-io/litter v1.5.5 // indirect github.com/sergi/go-diff v1.0.0 // indirect github.com/sirupsen/logrus v1.8.1 // indirect diff --git a/go.sum b/go.sum index a4e63bb6..f3ce351f 100644 --- a/go.sum +++ b/go.sum @@ -72,6 +72,8 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/gomarkdown/markdown v0.0.0-20230313173142-2ced44d5b584 h1:XaUmlCIi5hEY5GPUV6oXc5eytg9+FBH9/9fOKblHWEU= +github.com/gomarkdown/markdown v0.0.0-20230313173142-2ced44d5b584/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -149,13 +151,13 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OH github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/nats-io/jwt/v2 v2.3.0 h1:z2mA1a7tIf5ShggOFlR1oBPgd6hGqcDYsISxZByUzdI= -github.com/nats-io/jwt/v2 v2.3.0/go.mod h1:0tqz9Hlu6bCBFLWAASKhE5vUA4c24L9KPUUgvwumE/k= +github.com/nats-io/jwt/v2 v2.4.0 h1:1woVcq37qhNwJOeZ4ZoRy5NJU5bvbtGsIammf2GpuJQ= +github.com/nats-io/jwt/v2 v2.4.0/go.mod h1:24BeQtRwxRV8ruvC4CojXlx/WQ/VjuwlYiH+vu/+ibI= github.com/nats-io/nats-server/v2 v2.9.11 h1:4y5SwWvWI59V5mcqtuoqKq6L9NDUydOP3Ekwuwl8cZI= github.com/nats-io/nats.go v1.23.0 h1:lR28r7IX44WjYgdiKz9GmUeW0uh/m33uD3yEjLZ2cOE= github.com/nats-io/nats.go v1.23.0/go.mod h1:ki/Scsa23edbh8IRZbCuNXR9TDcbvfaSijKtaqQgw+Q= -github.com/nats-io/nkeys v0.3.0 h1:cgM5tL53EvYRU+2YLXIK0G2mJtK12Ft9oeooSZMA2G8= -github.com/nats-io/nkeys v0.3.0/go.mod h1:gvUNGjVcM2IPr5rCsRsC6Wb3Hr2CQAm08dsxtV6A5y4= +github.com/nats-io/nkeys v0.4.4 h1:xvBJ8d69TznjcQl9t6//Q5xXuVhyYiSos6RPtvQNTwA= +github.com/nats-io/nkeys v0.4.4/go.mod h1:XUkxdLPTufzlihbamfzQ7mw/VGx6ObUs+0bN5sNvt64= github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= @@ -254,7 +256,6 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -264,7 +265,6 @@ golang.org/x/net v0.0.0-20190327091125-710a502c58a2/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= diff --git a/mvc/controller.go b/mvc/controller.go index 98c9e769..46630a70 100644 --- a/mvc/controller.go +++ b/mvc/controller.go @@ -201,10 +201,30 @@ func whatEmbeddedMethods(typ reflect.Type) []string { newEmbeddedStructType := reflect.New(structField.Type).Type() // let's take its methods and add to methods to ignore from the parent, the controller itself. for j := 0; j < newEmbeddedStructType.NumMethod(); j++ { - embeddedMethodName := newEmbeddedStructType.Method(j).Name + embeddedMethod := newEmbeddedStructType.Method(j) + embeddedMethodName := embeddedMethod.Name + // An exception should happen if the controller itself overrides the embedded method, + // but Go (1.20) so far doesn't support this detection, as it handles the structure as one. + /* + shouldKeepBecauseParentOverrides := false + + if v, existsOnParent := typ.MethodByName(embeddedMethodName); existsOnParent { + + embeddedIndex := newEmbeddedStructType.Method(j).Index + controllerMethodIndex := v.Index + + if v.Type.In(0) == typ && embeddedIndex == controllerMethodIndex { + fmt.Printf("%s exists on parent = true, receiver = %s\n", v.Name, typ.String()) + shouldKeepBecauseParentOverrides = true + continue + } + } + */ + embeddedMethodsToIgnore = append(embeddedMethodsToIgnore, embeddedMethodName) } } + return embeddedMethodsToIgnore } @@ -227,6 +247,9 @@ func (c *ControllerActivator) SkipMethods(methodNames ...string) { // SkipEmbeddedMethods should be ran before controller parsing. // It skips all embedded struct's methods conversation to http handlers. // +// Note that even if the controller overrides the embedded methods +// they will be still ignored because Go doesn't support this detection so far. +// // See https://github.com/kataras/iris/issues/2103 for more. func (c *ControllerActivator) SkipEmbeddedMethods() { methodsToIgnore := whatEmbeddedMethods(c.Type) diff --git a/mvc/mvc.go b/mvc/mvc.go index bd96076d..3ae2e80e 100644 --- a/mvc/mvc.go +++ b/mvc/mvc.go @@ -197,7 +197,8 @@ func (opt OptionFunc) Apply(c *ControllerActivator) { } // IgnoreEmbedded is an Option which can be used to ignore all embedded struct's method handlers. -// +// Note that even if the controller overrides the embedded methods +// they will be still ignored because Go doesn't support this detection so far. // For global affect, set the `IgnoreEmbeddedControllers` package-level variable to true. var IgnoreEmbedded OptionFunc = func(c *ControllerActivator) { c.SkipEmbeddedMethods()