Commit 9031a7d5d50f303d5a7016cab7a40e7782ca7cdb – server – forge

// SPDX-License-Identifier: AGPL-3.0-only
// SPDX-FileCopyrightText: Copyright (c) 2025 Runxi Yu <https://runxiyu.org>

package main

import (
	"bytes"
	"html"
	"html/template"
	"strings"

	"github.com/go-git/go-git/v5/plumbing/object"
	"github.com/microcosm-cc/bluemonday"
	"github.com/niklasfasching/go-org/org"
	"github.com/yuin/goldmark"
	"github.com/yuin/goldmark/extension"
)

var markdownConverter = goldmark.New(goldmark.WithExtensions(extension.GFM))

// escapeHTML just escapes a string and wraps it in [template.HTML].
func escapeHTML(s string) template.HTML {
	return template.HTML(html.EscapeString(s)) //#nosec G203
}

// renderReadmeAtTree looks for README files in the supplied Git tree and
// returns its filename and rendered (and sanitized) HTML.

func renderReadmeAtTree(tree *object.Tree) (readmeFilename string, readmeRenderedSafeHTML template.HTML) {
	var readmeRenderedUnsafe bytes.Buffer
	var readmeFile *object.File
	var readmeFileContents string
	var err error

	if readmeFile, err = tree.File("README"); err == nil {
		if readmeFileContents, err = readmeFile.Contents(); err != nil {
			return "Error fetching README", escapeHTML("Unable to fetch contents of README: " + err.Error())

func renderReadmeAtTree(tree *object.Tree) (string, template.HTML) {
	for _, name := range []string{"README", "README.md", "README.org"} {
		file, err := tree.File(name)
		if err != nil {
			continue


		return "README", template.HTML("<pre>" + html.EscapeString(readmeFileContents) + "</pre>") //#nosec G203

		contents, err := file.Contents()
		if err != nil {
			return "Error fetching README", escapeHTML("Unable to fetch contents of " + name + ": " + err.Error())
		}
		return renderReadme([]byte(contents), name)

	return "", ""
}

	if readmeFile, err = tree.File("README.md"); err == nil {
		if readmeFileContents, err = readmeFile.Contents(); err != nil {
			return "Error fetching README", escapeHTML("Unable to fetch contents of README: " + err.Error())
		}

		if err = markdownConverter.Convert(stringToBytes(readmeFileContents), &readmeRenderedUnsafe); err != nil {

// renderReadme renders and sanitizes README content from a byte slice and filename.
func renderReadme(data []byte, filename string) (string, template.HTML) {
	switch strings.ToLower(filename) {
	case "readme":
		return "README", template.HTML("<pre>" + html.EscapeString(string(data)) + "</pre>") //#nosec G203
	case "readme.md":
		var buf bytes.Buffer
		if err := markdownConverter.Convert(data, &buf); err != nil {

			return "Error fetching README", escapeHTML("Unable to render README: " + err.Error())
		}


		return "README.md", template.HTML(bluemonday.UGCPolicy().SanitizeBytes(readmeRenderedUnsafe.Bytes())) //#nosec G203
	}

	if readmeFile, err = tree.File("README.org"); err == nil {
		if readmeFileContents, err = readmeFile.Contents(); err != nil {
			return "Error fetching README", escapeHTML("Unable to fetch contents of README: " + err.Error())
		}

		orgHTML, err := org.New().Parse(strings.NewReader(readmeFileContents), readmeFilename).Write(org.NewHTMLWriter())

		return "README.md", template.HTML(bluemonday.UGCPolicy().SanitizeBytes(buf.Bytes())) //#nosec G203
	case "readme.org":
		htmlStr, err := org.New().Parse(strings.NewReader(string(data)), filename).Write(org.NewHTMLWriter())

		if err != nil {
			return "Error fetching README", escapeHTML("Unable to render README: " + err.Error())
		}


		return "README.org", template.HTML(bluemonday.UGCPolicy().Sanitize(orgHTML)) //#nosec G203

		return "README.org", template.HTML(bluemonday.UGCPolicy().Sanitize(htmlStr)) //#nosec G203
	default:
		return filename, template.HTML("<pre>" + html.EscapeString(string(data)) + "</pre>") //#nosec G203


	return "", ""
}

// escapeHTML just escapes a string and wraps it in [template.HTML].
func escapeHTML(s string) template.HTML {
	return template.HTML(html.EscapeString(s)) //#nosec G203