Detailed changes
@@ -32,6 +32,7 @@ require (
github.com/lib/pq v1.10.9
github.com/lrstanley/bubblezone/v2 v2.0.0-alpha.3
github.com/matryer/is v1.4.1
+ github.com/microcosm-cc/bluemonday v1.0.27
github.com/muesli/mango-cobra v1.3.0
github.com/muesli/reflow v0.3.0
github.com/muesli/roff v0.1.0
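Review bot: Promoting `github.com/microcosm-cc/bluemonday` to a direct requirement in this hunk (and `github.com/yuin/goldmark` and `golang.org/x/net` in the next one) puts these modules on the web UI's own HTML-rendering path, yet nothing visible documents that the sanitizer is a hard requirement of that path. The `renderMarkdown` hunk further down shows `goldmarkhtml.WithUnsafe()` as context, so raw HTML from repository content reaches the output buffer and the bluemonday policy is presumably the only barrier before the result becomes `template.HTML`; the sanitize call itself lies outside the visible hunks, so this should be confirmed. I would add a comment above that option, for example `// WithUnsafe passes raw HTML through; output must be sanitized with getSanitizerPolicy() before conversion to template.HTML`, plus a test that renders a README containing a `<script>` element and asserts it is absent from the result. Because these three modules now handle untrusted input directly, they should also be covered by routine `govulncheck` runs.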
@@ -40,8 +41,10 @@ require (
github.com/rogpeppe/go-internal v1.14.1
github.com/sergi/go-diff v1.4.0
github.com/spf13/cobra v1.10.2
+ github.com/yuin/goldmark v1.7.8
go.uber.org/automaxprocs v1.6.0
golang.org/x/crypto v0.47.0
+ golang.org/x/net v0.48.0
golang.org/x/sync v0.19.0
gopkg.in/yaml.v3 v3.0.1
modernc.org/sqlite v1.44.2
@@ -75,7 +78,6 @@ require (
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.19 // indirect
github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2 // indirect
- github.com/microcosm-cc/bluemonday v1.0.27 // indirect
github.com/muesli/cancelreader v0.2.2 // indirect
github.com/muesli/mango v0.2.0 // indirect
github.com/muesli/mango-pflag v0.1.0 // indirect
@@ -89,11 +91,9 @@ require (
github.com/sahilm/fuzzy v0.1.1 // indirect
github.com/spf13/pflag v1.0.9 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
- github.com/yuin/goldmark v1.7.8 // indirect
github.com/yuin/goldmark-emoji v1.0.5 // indirect
go.yaml.in/yaml/v2 v2.4.2 // indirect
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
- golang.org/x/net v0.48.0 // indirect
golang.org/x/sys v0.40.0 // indirect
golang.org/x/text v0.33.0 // indirect
golang.org/x/tools v0.40.0 // indirect
@@ -14,7 +14,7 @@ import (
"strings"
"time"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/git"
"github.com/charmbracelet/soft-serve/pkg/proto"
"github.com/dustin/go-humanize"
@@ -240,13 +240,13 @@ func renderHTML(w http.ResponseWriter, templateName string, data interface{}) {
}
w.Header().Set("Content-Type", "text/html; charset=utf-8")
-
+
// Security headers
// Note: style-src 'unsafe-inline' is required for inline styles in templates (tree.html, overview.html)
w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'none'")
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("X-Content-Type-Options", "nosniff")
-
+
if err := tmpl.ExecuteTemplate(w, "layout", data); err != nil {
log.Debug("template execution failed", "template", templateName, "err", err)
// Already started writing response, so we can't render an error page
@@ -4,7 +4,7 @@ import (
"html/template"
"net/http"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/pkg/backend"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
@@ -8,11 +8,11 @@ import (
"path/filepath"
"strings"
+ "charm.land/log/v2"
"github.com/alecthomas/chroma/v2"
"github.com/alecthomas/chroma/v2/formatters/html"
"github.com/alecthomas/chroma/v2/lexers"
"github.com/alecthomas/chroma/v2/styles"
- "github.com/charmbracelet/log/v2"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
"github.com/gorilla/mux"
@@ -5,7 +5,7 @@ import (
"net/http"
"strconv"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/git"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
@@ -4,7 +4,7 @@ import (
"net/http"
"strings"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/git"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
@@ -5,7 +5,7 @@ import (
"net/http"
"strconv"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/git"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
@@ -65,7 +65,7 @@ func getSanitizerPolicy() *bluemonday.Policy {
// If ctx is provided, relative URLs will be rewritten to point to repository files.
func renderMarkdown(content []byte, ctx *ReadmeContext) (template.HTML, error) {
var buf bytes.Buffer
-
+
mdOpts := []goldmark.Option{
goldmark.WithExtensions(extension.GFM),
goldmark.WithParserOptions(
@@ -75,7 +75,7 @@ func renderMarkdown(content []byte, ctx *ReadmeContext) (template.HTML, error) {
goldmarkhtml.WithUnsafe(),
),
}
-
+
// Add URL rewriter if context is provided
if ctx != nil {
rewriter := newURLRewriter(*ctx)
@@ -83,7 +83,7 @@ func renderMarkdown(content []byte, ctx *ReadmeContext) (template.HTML, error) {
parser.WithASTTransformers(util.Prioritized(rewriter, 500)),
))
}
-
+
md := goldmark.New(mdOpts...)
if err := md.Convert(content, &buf); err != nil {
@@ -9,7 +9,7 @@ import (
"strings"
"time"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/pkg/access"
"github.com/charmbracelet/soft-serve/pkg/backend"
"github.com/charmbracelet/soft-serve/pkg/config"
@@ -5,7 +5,7 @@ import (
"html/template"
"net/http"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/pkg/backend"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
@@ -5,7 +5,7 @@ import (
"strings"
"time"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/git"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
@@ -6,7 +6,7 @@ import (
"strconv"
"time"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/git"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"
@@ -3,7 +3,7 @@ package web
import (
"net/http"
- "github.com/charmbracelet/log/v2"
+ "charm.land/log/v2"
"github.com/charmbracelet/soft-serve/git"
"github.com/charmbracelet/soft-serve/pkg/config"
"github.com/charmbracelet/soft-serve/pkg/proto"