Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Test SVG sanitize #8024

Closed
wants to merge 12 commits into from
Closed

Conversation

sapk
Copy link
Member

@sapk sapk commented Aug 28, 2019

@codecov-io
Copy link

Codecov Report

Merging #8024 into master will increase coverage by 0.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #8024      +/-   ##
==========================================
+ Coverage    41.6%   41.61%   +0.01%     
==========================================
  Files         479      480       +1     
  Lines       64106    64120      +14     
==========================================
+ Hits        26669    26683      +14     
  Misses      33979    33979              
  Partials     3458     3458
Impacted Files Coverage Δ
modules/util/svg/svg.go 100% <100%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cedb285...6276c15. Read the comment docs.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 28, 2019
@@ -0,0 +1,35 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about rename modules/util to modules/image so that we can put all image related packages there.

)

// MinifySVG compact svg strings
func MinifySVG(svgData io.Reader) (*bytes.Buffer, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since package name has svg. The function name could be simple as Minify.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or probably better Sanitize

Copy link
Member Author

@sapk sapk Aug 29, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lafriks there is a sanitize function. The main goal of minify is to be able to use the same test fixture from know lib because the indentation of bluemonday is not the same. Maybe we would kept it to serve rendered/filtered file but it is not necessary.

@stale
Copy link

stale bot commented Nov 1, 2019

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you for your contributions.

@stale stale bot added the issue/stale label Nov 1, 2019
@stale
Copy link

stale bot commented Dec 31, 2019

This pull request has been automatically closed because of inactivity. You can re-open it if needed.

@stale stale bot closed this Dec 31, 2019
@davidsvantesson
Copy link
Contributor

@sapk Did you reach any conclusion on this? Difficult to implement, or to get / ensure sanitized enough? Or would this work if just integrate the Sanitize and Minify functions into the code serving the content?

@sapk
Copy link
Member Author

sapk commented Jan 3, 2020

@davidsvantesson From what, I recall, some part are good like the test that re-use samples of good lib in another language. The cleaning would not be perfect in the sense that I don't have exactly the same result as expected but it would may be near enough but still need work to validate.

@lafriks lafriks reopened this Jan 4, 2020
@stale stale bot removed the issue/stale label Jan 4, 2020
@stale
Copy link

stale bot commented Mar 4, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you for your contributions.

@stale stale bot added the issue/stale label Mar 4, 2020
@sapk
Copy link
Member Author

sapk commented Mar 4, 2020

Thx stale bot for the reminder. 😄

@stale stale bot removed the issue/stale label Mar 4, 2020
@sapk sapk force-pushed the test-svg-sanitize branch from 75e1515 to 6ee9fe5 Compare April 19, 2020 00:02
@6543
Copy link
Member

6543 commented Apr 19, 2020

@sapk go v1.14 is needed to have valid output with make vendor

@sapk
Copy link
Member Author

sapk commented Apr 19, 2020

@6543 Yes currently setting it up. (I am on a temporary WSL debian which is not yet on go1.14 😢)

@sapk
Copy link
Member Author

sapk commented Apr 19, 2020

I think the bluemonday poilcy need to be rethink and document what it allow. It will work to provide a safe svg but it will be at the cost of limited svg functionnality currently. At first we could allow a minimal subset of svg func for safety and increase the allowes element list with the demand.

@stale
Copy link

stale bot commented Jun 18, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you for your contributions.

@stale stale bot added the issue/stale label Jun 18, 2020
@6543
Copy link
Member

6543 commented Jun 18, 2020

status?

@stale stale bot removed the issue/stale label Jun 18, 2020
@stale
Copy link

stale bot commented Aug 22, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you for your contributions.

@stale stale bot added the issue/stale label Aug 22, 2020
@stale
Copy link

stale bot commented Oct 22, 2020

This pull request has been automatically closed because of inactivity. You can re-open it if needed.

@stale stale bot closed this Oct 22, 2020
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
issue/stale lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants