From 8e09e03127d2128453a7cd1337e8f51d33147e1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kim=20=22BKC=22=20Carlb=C3=A4cker?=
 <kim.carlbacker@gmail.com>
Date: Wed, 13 Jan 2016 13:25:52 +0100
Subject: [PATCH 1/2] Checklist-rendering implemented

---
 modules/base/markdown.go | 10 ++++++++++
 modules/base/tool.go     |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index a3d3a7ca80..0ef379b8ed 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -142,6 +142,16 @@ func (r *CustomRender) AutoLink(out *bytes.Buffer, link []byte, kind int) {
 	r.Renderer.AutoLink(out, link, kind)
 }
 
+func (options *CustomRender) ListItem(out *bytes.Buffer, text []byte, flags int) {
+	switch {
+	case bytes.HasPrefix(text, []byte("[ ] ")):
+		text = append([]byte(`<input type="checkbox" disabled="" />`), text[3:]...)
+	case bytes.HasPrefix(text, []byte("[x] ")):
+		text = append([]byte(`<input type="checkbox" disabled="" checked="" />`), text[3:]...)
+	}
+	options.Renderer.ListItem(out, text, flags)
+}
+
 var (
 	svgSuffix         = []byte(".svg")
 	svgSuffixWithMark = []byte(".svg?")
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 6bfd912d32..c6522d1246 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -31,7 +31,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
+var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code").AllowElements("input").AllowAttrs("type", "checked", "disabled").OnElements("input")
 
 // EncodeMD5 encodes string to md5 hex value.
 func EncodeMD5(str string) string {

From a1a4f1103caa42f090314c77c695f4e34781da64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kim=20=22BKC=22=20Carlb=C3=A4cker?=
 <kim.carlbacker@gmail.com>
Date: Thu, 14 Jan 2016 03:00:05 +0100
Subject: [PATCH 2/2] Made Sanitizer-setup cleaner

---
 modules/base/tool.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/modules/base/tool.go b/modules/base/tool.go
index c6522d1246..f98ae28b93 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -31,7 +31,16 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code").AllowElements("input").AllowAttrs("type", "checked", "disabled").OnElements("input")
+func BuildSanitizer() (p *bluemonday.Policy) {
+	p = bluemonday.UGCPolicy()
+	p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
+
+	p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
+	p.AllowAttrs("checked", "disabled").OnElements("input")
+	return p
+}
+
+var Sanitizer = BuildSanitizer()
 
 // EncodeMD5 encodes string to md5 hex value.
 func EncodeMD5(str string) string {