diff --git a/pages/dirview.go b/pages/dirview.go
index 46a5a7d..31cebf7 100644
--- a/pages/dirview.go
+++ b/pages/dirview.go
@@ -61,7 +61,7 @@ func DirView(c *fiber.Ctx) error {
 })
 sc.OnHTML("div#readme div.Box-body", func(e *colly.HTMLElement) {
 Content, _ := e.DOM.Html()
- readmeOutput = strings.Replace(strings.Replace(string(utils.UGCPolicy().SanitizeBytes([]byte(Content))), "https://github.com", "", -1), "user-content-", "", -1)
+ readmeOutput = strings.Replace(strings.Replace(strings.Replace(strings.Replace(string(utils.UGCPolicy().SanitizeBytes([]byte(Content))), "https://github.com", "", -1), "user-content-", "", -1), "https://camo.githubusercontent.com", "/camo", -1), "https://raw.githubusercontent.com", "/raw", -1)
 })
 sc.OnHTML("div.js-details-container div.Details-content--hidden-not-important", func(e *colly.HTMLElement) {
 e.ForEach("div.js-navigation-item", func(i int, el *colly.HTMLElement) {
diff --git a/pages/repo.go b/pages/repo.go
index 69f1b57..858397c 100644
--- a/pages/repo.go
+++ b/pages/repo.go
@@ -86,7 +86,7 @@ func HandleRepo(c *fiber.Ctx) error {
 })
 sc.OnHTML("div#readme div.Box-body", func(e *colly.HTMLElement) {
 Content, _ := e.DOM.Html()
- readmeOutput = strings.Replace(strings.Replace(string(utils.UGCPolicy().SanitizeBytes([]byte(Content))), "https://github.com", "", -1), "user-content-", "", -1)
+ readmeOutput = strings.Replace(strings.Replace(strings.Replace(strings.Replace(string(utils.UGCPolicy().SanitizeBytes([]byte(Content))), "https://github.com", "", -1), "user-content-", "", -1), "https://camo.githubusercontent.com", "/camo", -1), "https://raw.githubusercontent.com", "/raw", -1)
 })
 sc.OnHTML("div.BorderGrid-cell ul.list-style-none", func(e *colly.HTMLElement) {
 e.ForEach("li.d-inline .d-inline-flex", func(i int, el *colly.HTMLElement) {
diff --git a/pages/user.go b/pages/user.go
index 2c74677..bff5636 100644
--- a/pages/user.go
+++ b/pages/user.go
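Review bot: The four-deep `strings.Replace` chain on the readme line is now copied verbatim into pages/dirview.go, pages/repo.go and pages/user.go, so every new rewrite rule has to be added in three places — the user.go hunk is exactly that drift catching up, since its old line lacked the `user-content-` rule the other two already had. Move the sanitize-and-rewrite step into one helper in `utils` (already imported at each call site) and have all three hunks call it, e.g. `readmeOutput = utils.RewriteReadme(Content)` and `Scrape.Readme = utils.RewriteReadme(Content)`. The replacements run over the whole sanitized HTML string rather than only over href/src attributes, so `https://github.com` and `user-content-` inside visible text are rewritten too; presumably acceptable, but that deserves a comment on the helper. The enclosing DirView, HandleRepo and HandleUser bodies continue outside their hunks.
```go
// utils/readme.go (new file; constructed example)

// RewriteReadme sanitizes rendered README HTML with UGCPolicy and rewrites
// GitHub-hosted URLs so they resolve through this server's own routes.
// The rules apply sequentially to the whole string, text nodes included,
// in the order listed.
func RewriteReadme(content string) string {
	s := string(UGCPolicy().SanitizeBytes([]byte(content)))
	s = strings.ReplaceAll(s, "https://github.com", "")
	s = strings.ReplaceAll(s, "user-content-", "")
	s = strings.ReplaceAll(s, "https://camo.githubusercontent.com", "/camo")
	s = strings.ReplaceAll(s, "https://raw.githubusercontent.com", "/raw")
	return s
}

// … unchanged: each pages/ call site becomes a one-line call to utils.RewriteReadme(Content) …
```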
@@ -157,7 +157,7 @@ func HandleUser(c *fiber.Ctx) error {
 })
 sc.OnHTML("article.markdown-body", func(e *colly.HTMLElement) {
 Content, _ := e.DOM.Html()
- Scrape.Readme = strings.Replace(string(utils.UGCPolicy().SanitizeBytes([]byte(Content))), "https://github.com", "", -1)
+ Scrape.Readme = strings.Replace(strings.Replace(strings.Replace(strings.Replace(string(utils.UGCPolicy().SanitizeBytes([]byte(Content))), "https://github.com", "", -1), "user-content-", "", -1), "https://camo.githubusercontent.com", "/camo", -1), "https://raw.githubusercontent.com", "/raw", -1)
 })
 sc.OnHTML("div.text-mono", func(e *colly.HTMLElement) {
 Scrape.ReadmeUrl = strings.Replace(e.ChildAttr("a", "href"), "tree", "blob", -1)
diff --git a/serve/serve.go b/serve/serve.go
index 6ee4a3c..4b2fc6c 100644
--- a/serve/serve.go
+++ b/serve/serve.go
@@ -116,6 +116,10 @@ func Serve(port string) {
 utils.ProxyRequest(c, "https://github.com/"+c.Params("user")+"/"+c.Params("repo")+"/archive/"+c.Params("branch")+".zip")
 return nil
 })
+ app.Get("/camo/:p1/:p2", func(c *fiber.Ctx) error {
+ utils.ProxyRequest(c, "https://camo.githubusercontent.com/"+c.Params("p1")+"/"+c.Params("p2"))
+ return nil
+ })
 app.Get("/gist/:user/:gistID", pages.HandleGist)
 app.Get("/download/gist/:user/:gistID/:revision", func(c *fiber.Ctx) error {
 utils.ProxyRequest(c, "https://gist.github.com/"+c.Params("user")+"/"+c.Params("gistID")+"/archive/"+c.Params("revision")+".zip")
diff --git a/utils/ugcpolicy.go b/utils/ugcpolicy.go
index ffcb4a8..0f9607a 100644
--- a/utils/ugcpolicy.go
+++ b/utils/ugcpolicy.go
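Review bot: The new `/camo/:p1/:p2` handler in serve/serve.go concatenates both route params straight into the upstream URL with no shape check, so whatever Fiber accepts as a path segment is forwarded to camo.githubusercontent.com verbatim. The host stays fixed, so this is hardening rather than a host-pinning fix, but camo paths are (to my recollection — confirm against real camo URLs) a hex digest followed by a hex-encoded target, so a package-level `var camoSegment = regexp.MustCompile(`^[0-9a-fA-F]+$`)` (constructed example; needs `regexp` imported in serve.go) and a guard `if !camoSegment.MatchString(c.Params("p1")) || !camoSegment.MatchString(c.Params("p2")) { return c.SendStatus(fiber.StatusBadRequest) }` before `utils.ProxyRequest` would limit the relay to well-formed camo requests. Separately, the readme rewrites in pages/ now map raw.githubusercontent.com links to `/raw`, yet no `/raw` route appears in this hunk; if none exists elsewhere in Serve, those rewritten links will 404. Serve's body continues outside the hunk.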
@@ -110,9 +110,17 @@ func UGCPolicy() *bluemonday.Policy {
 p.AllowAttrs("shape").Matching(
 regexp.MustCompile(`(?i)^(default|circle|rect|poly)$`),
 ).OnElements("area")
+
+ // "img" is permitted
+ p.AllowImages()
 p.AllowAttrs("usemap").Matching(
 regexp.MustCompile(`(?i)^#[\p{L}\p{N}_-]+$`),
 ).OnElements("img")
+ p.AllowAttrs("src").Matching(
+ regexp.MustCompile(`(?i)^\/[\p{L}\p{N}\/\.]+$`),
+ ).OnElements("img")
+ p.AllowAttrs("style").OnElements("img")
+ p.AllowAttrs("alt").OnElements("img")
 // "link" is not permitted