mirror of
https://github.com/gohugoio/hugo.git
synced 2025-08-18 21:11:19 +02:00
Do not warn on potentially unsafe HTML comments when unsafe=false
We will still not render these comments, so from a safety perspective this is the same, but HTML comments are very common also inside Markdown and too useful to throw away. Updates #13278
This commit is contained in:
@@ -174,6 +174,9 @@ func (r *hugoContextRenderer) renderHTMLBlock(
|
||||
w util.BufWriter, source []byte, node ast.Node, entering bool,
|
||||
) (ast.WalkStatus, error) {
|
||||
n := node.(*ast.HTMLBlock)
|
||||
isHTMLComment := func(b []byte) bool {
|
||||
return len(b) > 4 && b[0] == '<' && b[1] == '!' && b[2] == '-' && b[3] == '-'
|
||||
}
|
||||
if entering {
|
||||
if r.Unsafe {
|
||||
l := n.Lines().Len()
|
||||
@@ -188,8 +191,12 @@ func (r *hugoContextRenderer) renderHTMLBlock(
|
||||
r.Writer.SecureWrite(w, linev)
|
||||
}
|
||||
} else {
|
||||
r.logRawHTMLEmittedWarn(w)
|
||||
_, _ = w.WriteString("<!-- raw HTML omitted -->\n")
|
||||
l := n.Lines().At(0)
|
||||
v := l.Value(source)
|
||||
if !isHTMLComment(v) {
|
||||
r.logRawHTMLEmittedWarn(w)
|
||||
_, _ = w.WriteString("<!-- raw HTML omitted -->\n")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if n.HasClosure() {
|
||||
@@ -197,7 +204,11 @@ func (r *hugoContextRenderer) renderHTMLBlock(
|
||||
closure := n.ClosureLine
|
||||
r.Writer.SecureWrite(w, closure.Value(source))
|
||||
} else {
|
||||
_, _ = w.WriteString("<!-- raw HTML omitted -->\n")
|
||||
l := n.Lines().At(0)
|
||||
v := l.Value(source)
|
||||
if !isHTMLComment(v) {
|
||||
_, _ = w.WriteString("<!-- raw HTML omitted -->\n")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user