zjjhot
diff --git a/‎MAINTAINERS‎
Lines changed: 0 additions & 1 deletion b/‎MAINTAINERS‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎cmd/restore_repo.go‎
Lines changed: 3 additions & 3 deletions b/‎cmd/restore_repo.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎custom/conf/app.example.ini‎
Lines changed: 6 additions & 3 deletions b/‎custom/conf/app.example.ini‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎docs/content/doc/advanced/config-cheat-sheet.en-us.md‎
Lines changed: 9 additions & 6 deletions b/‎docs/content/doc/advanced/config-cheat-sheet.en-us.md‎
Lines changed: 9 additions & 6 deletions
diff --git a/‎docs/content/doc/advanced/config-cheat-sheet.zh-cn.md‎
Lines changed: 5 additions & 2 deletions b/‎docs/content/doc/advanced/config-cheat-sheet.zh-cn.md‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎integrations/links_test.go‎
Lines changed: 6 additions & 6 deletions b/‎integrations/links_test.go‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎models/db/context.go‎
Lines changed: 1 addition & 1 deletion b/‎models/db/context.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎models/db/engine_test.go‎
Lines changed: 56 additions & 0 deletions b/‎models/db/engine_test.go‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎models/db/main_test.go‎
Lines changed: 21 additions & 0 deletions b/‎models/db/main_test.go‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎models/engine_test.go‎
Lines changed: 0 additions & 34 deletions b/‎models/engine_test.go‎
Lines changed: 0 additions & 34 deletions
@@ -45,6 +45,5 @@ Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
 Gusted <williamzijl7@hotmail.com) (@Gusted)
-singuliere <singuliere@autistici.org> (@singuliere)
 silentcode <silentcode@senga.org> (@silentcodeg)
 Wim <wim@42.be> (@42wim)
@@ -37,10 +37,10 @@ var CmdRestoreRepository = cli.Command{
 			Value: "",
 			Usage: "Restore destination repository name",
 		},
-		cli.StringFlag{
+		cli.StringSliceFlag{
 			Name:  "units",
-			Value: "",
-			Usage: `Which items will be restored, one or more units should be separated as comma.
+			Value: nil,
+			Usage: `Which items will be restored, one or more units should be repeated with this flag.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
 		cli.BoolFlag{
 
@@ -2125,7 +2125,7 @@ PATH =
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
 ;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
-;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം
+;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2181,8 +2181,11 @@ PATH =
 ;RENDER_COMMAND = "asciidoc --out-file=- -"
 ;; Don't pass the file on STDIN, pass the filename as argument instead.
 ;IS_INPUT_FILE = false
-; Don't filter html tags and attributes if true
-;DISABLE_SANITIZER = false
+;; How the content will be rendered.
+;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] .
+;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
+;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
+;RENDER_CONTENT_MODE=sanitized
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
@@ -631,7 +631,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
   - Built-in networks:
     - `loopback`: 127.0.0.0/8 for IPv4 and ::1/128 for IPv6, localhost is included.
     - `private`: RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and RFC 4193 (FC00::/7). Also called LAN/Intranet.
-    - `external`: A valid non-private unicast IP, you can access all hosts on public internet. 
+    - `external`: A valid non-private unicast IP, you can access all hosts on public internet.
     - `*`: All hosts are allowed.
   - CIDR list: `1.2.3.0/8` for IPv4 and `2001:db8::/32` for IPv6
   - Wildcard hosts: `*.mydomain.com`, `192.168.100.*`
@@ -763,7 +763,7 @@ Default templates for project boards:
 - `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
 - `ENABLE_SSH_LOG`: **false**: save ssh log to log file
 - `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
- 
+
 ### Router Log (`log`)
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default Gitea logger.)
@@ -998,9 +998,9 @@ Default templates for project boards:
 
 ## i18n (`i18n`)
 
-- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
+- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
      List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list.
-- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales
+- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales
 
 ## U2F (`U2F`) **DEPRECATED**
 - `APP_ID`: **`ROOT_URL`**: Declares the facet of the application which is used for authentication of previously registered U2F keys. Requires HTTPS.
@@ -1026,13 +1026,16 @@ IS_INPUT_FILE = false
    command. Multiple extensions needs a comma as splitter.
 - RENDER\_COMMAND: External command to render all matching extensions.
 - IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.
-- DISABLE_SANITIZER: **false** Don't filter html tags and attributes if true. Don't change this to true except you know what that means.
+- RENDER_CONTENT_MODE: **sanitized** How the content will be rendered.
+  - sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in `[markup.sanitizer.*]`.
+  - no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
+  - iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
 
 Two special environment variables are passed to the render command:
 - `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
 - `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
 
-If `DISABLE_SANITIZER` is false, Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
+If `RENDER_CONTENT_MODE` is `sanitized`, Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
 
 ```ini
 [markup.sanitizer.TeX]
 
@@ -318,14 +318,17 @@ IS_INPUT_FILE = false
 - FILE_EXTENSIONS: 关联的文档的扩展名，多个扩展名用都好分隔。
 - RENDER_COMMAND: 工具的命令行命令及参数。
 - IS_INPUT_FILE: 输入方式是最后一个参数为文件路径还是从标准输入读取。
-- DISABLE_SANITIZER: **false** 如果为 true 则不过滤 HTML 标签和属性。除非你知道这意味着什么，否则不要设置为 true。
+- RENDER_CONTENT_MODE: **sanitized** 内容如何被渲染。
+  - sanitized: 对内容进行净化并渲染到当前页面中，仅有一部分 HTML 标签和属性是被允许的。
+  - no-sanitizer: 禁用净化器，把内容渲染到当前页面中。此模式是**不安全**的，如果内容中含有恶意代码，可能会导致 XSS 攻击。
+  - iframe: 把内容渲染在一个独立的页面中并使用 iframe 嵌入到当前页面中。使用的 iframe 工作在沙箱模式并禁用了同源请求，JS 代码被安全的从父页面中隔离出去。
 
 以下两个环境变量将会被传递给渲染命令：
 
 - `GITEA_PREFIX_SRC`：包含当前的`src`路径的URL前缀，可以被用于链接的前缀。
 - `GITEA_PREFIX_RAW`：包含当前的`raw`路径的URL前缀，可以被用于图片的前缀。
 
-如果 `DISABLE_SANITIZER` 为 false，则 Gitea 支持自定义渲染 HTML 的净化策略。以下例子将用 pandoc 支持 KaTeX 输出。
+如果 `RENDER_CONTENT_MODE` 为 `sanitized`，则 Gitea 支持自定义渲染 HTML 的净化策略。以下例子将用 pandoc 支持 KaTeX 输出。
 
 ```ini
 [markup.sanitizer.TeX]
 
@@ -22,11 +22,11 @@ func TestLinksNoLogin(t *testing.T) {
 
 	links := []string{
 		"/explore/repos",
-		"/explore/repos?q=test&tab=",
+		"/explore/repos?q=test",
 		"/explore/users",
-		"/explore/users?q=test&tab=",
+		"/explore/users?q=test",
 		"/explore/organizations",
-		"/explore/organizations?q=test&tab=",
+		"/explore/organizations?q=test",
 		"/",
 		"/user/sign_up",
 		"/user/login",
@@ -81,11 +81,11 @@ func TestNoLoginNotExist(t *testing.T) {
 func testLinksAsUser(userName string, t *testing.T) {
 	links := []string{
 		"/explore/repos",
-		"/explore/repos?q=test&tab=",
+		"/explore/repos?q=test",
 		"/explore/users",
-		"/explore/users?q=test&tab=",
+		"/explore/users?q=test",
 		"/explore/organizations",
-		"/explore/organizations?q=test&tab=",
+		"/explore/organizations?q=test",
 		"/",
 		"/user/forgot_password",
 		"/api/swagger",
 
@@ -32,7 +32,7 @@ type Context struct {
 	e Engine
 }
 
-// WithEngine returns a db.Context from a context.Context and db.Engine
+// WithEngine returns a Context from a context.Context and Engine
 func WithEngine(ctx context.Context, e Engine) *Context {
 	return &Context{
 		Context: ctx,
 
@@ -0,0 +1,56 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package db_test
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	issues_model "code.gitea.io/gitea/models/issues"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDumpDatabase(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	dir, err := os.MkdirTemp(os.TempDir(), "dump")
+	assert.NoError(t, err)
+
+	type Version struct {
+		ID      int64 `xorm:"pk autoincr"`
+		Version int64
+	}
+	assert.NoError(t, db.GetEngine(db.DefaultContext).Sync2(new(Version)))
+
+	for _, dbType := range setting.SupportedDatabaseTypes {
+		assert.NoError(t, db.DumpDatabase(filepath.Join(dir, dbType+".sql"), dbType))
+	}
+}
+
+func TestDeleteOrphanedObjects(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	countBefore, err := db.GetEngine(db.DefaultContext).Count(&issues_model.PullRequest{})
+	assert.NoError(t, err)
+
+	_, err = db.GetEngine(db.DefaultContext).Insert(&issues_model.PullRequest{IssueID: 1000}, &issues_model.PullRequest{IssueID: 1001}, &issues_model.PullRequest{IssueID: 1003})
+	assert.NoError(t, err)
+
+	orphaned, err := db.CountOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id")
+	assert.NoError(t, err)
+	assert.EqualValues(t, 3, orphaned)
+
+	err = db.DeleteOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id")
+	assert.NoError(t, err)
+
+	countAfter, err := db.GetEngine(db.DefaultContext).Count(&issues_model.PullRequest{})
+	assert.NoError(t, err)
+	assert.EqualValues(t, countBefore, countAfter)
+}
@@ -0,0 +1,21 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package db_test
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/repo"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+	})
+}
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ type Context struct {`
`32`	`32`	`e Engine`
`33`	`33`	`}`
`34`	`34`
`35`		`-// WithEngine returns a db.Context from a context.Context and db.Engine`
	`35`	`+// WithEngine returns a Context from a context.Context and Engine`
`36`	`36`	`func WithEngine(ctx context.Context, e Engine) *Context {`
`37`	`37`	`return &Context{`
`38`	`38`	`Context: ctx,`