mirror
/
gitea
mirror of https://github.com/go-gitea/gitea
2
0
Fork 0
Code Issues Releases Wiki Activity

Upgrade to bluemonday 1.0.7 (#15379) (#15380)

Browse Source 
* Upgrade to bluemonday 1.0.7 (#15379)

Backport #15379

Fix #15349

Signed-off-by: Andrew Thornton <art27@cantab.net>

* resolve CI

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
pull/15374/head^2
zeripath 4 years ago committed by GitHub
parent 24ebc7e517
commit 53c2136a9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 13 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      go.mod
  2. 4
      go.sum
  3. 2
      modules/markup/html_test.go
  4. 21
      vendor/github.com/microcosm-cc/bluemonday/sanitize.go
  5. 2
      vendor/modules.txt

2
go.mod
Unescape View File

@ -86,7 +86,7 @@ require (
github.com/mgechev/revive v1.0.3
github.com/mholt/acmez v0.1.3 // indirect
github.com/mholt/archiver/v3 v3.5.0
github.com/microcosm-cc/bluemonday v1.0.6
github.com/microcosm-cc/bluemonday v1.0.7
github.com/miekg/dns v1.1.40 // indirect
github.com/minio/md5-simd v1.1.2 // indirect
github.com/minio/minio-go/v7 v7.0.10

4
go.sum
Unescape View File

@ -830,8 +830,8 @@ github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk=
github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE=
github.com/mholt/archiver/v3 v3.5.0/go.mod h1:qqTTPUK/HZPFgFQ/TJ3BzvTpF/dPtFVJXdQbCmeMxwc=
github.com/microcosm-cc/bluemonday v1.0.6 h1:ZOvqHKtnx0fUpnbQm3m3zKFWE+DRC+XB1onh8JoEObE=
github.com/microcosm-cc/bluemonday v1.0.6/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI=
github.com/microcosm-cc/bluemonday v1.0.7 h1:6yAQfk4XT+PI/dk1ZeBp1gr3Q2Hd1DR0O3aEyPUJVTE=
github.com/microcosm-cc/bluemonday v1.0.7/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA=

2
modules/markup/html_test.go
Unescape View File

@ -124,7 +124,7 @@ func TestRender_links(t *testing.T) {
`<p><a href="http://www.example.com/wpstyle/?p=364" rel="nofollow">http://www.example.com/wpstyle/?p=364</a></p>`)
test(
"https://www.example.com/foo/?bar=baz&inga=42&quux",
`<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux=" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`)
`<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`)
test(
"http://142.42.1.1/",
`<p><a href="http://142.42.1.1/" rel="nofollow">http://142.42.1.1/</a></p>`)

21
vendor/github.com/microcosm-cc/bluemonday/sanitize.go generated vendored
Unescape View File

@ -124,8 +124,9 @@ func escapeUrlComponent(val string) string {
// Query represents a query
type Query struct {
Key string
Value string
Key string
Value string
HasValue bool
}
func parseQuery(query string) (values []Query, err error) {
@ -140,8 +141,10 @@ func parseQuery(query string) (values []Query, err error) {
continue
}
value := ""
hasValue := false
if i := strings.Index(key, "="); i >= 0 {
key, value = key[:i], key[i+1:]
hasValue = true
}
key, err1 := url.QueryUnescape(key)
if err1 != nil {
@ -158,8 +161,9 @@ func parseQuery(query string) (values []Query, err error) {
continue
}
values = append(values, Query{
Key: key,
Value: value,
Key: key,
Value: value,
HasValue: hasValue,
})
}
return values, err
@ -169,8 +173,10 @@ func encodeQueries(queries []Query) string {
var b strings.Builder
for i, query := range queries {
b.WriteString(url.QueryEscape(query.Key))
b.WriteString("=")
b.WriteString(url.QueryEscape(query.Value))
if query.HasValue {
b.WriteString("=")
b.WriteString(url.QueryEscape(query.Value))
}
if i < len(queries)-1 {
b.WriteString("&")
}
@ -965,7 +971,6 @@ func (p *Policy) matchRegex(elementName string) (map[string]attrPolicy, bool) {
return aps, matched
}
// normaliseElementName takes a HTML element like <script> which is user input
// and returns a lower case version of it that is immune to UTF-8 to ASCII
// conversion tricks (like the use of upper case cyrillic i scrİpt which a
@ -983,4 +988,4 @@ func normaliseElementName(str string) string {
`"`),
`"`,
)
}
}

2
vendor/modules.txt vendored
Unescape View File

@ -596,7 +596,7 @@ github.com/mholt/acmez/acme
# github.com/mholt/archiver/v3 v3.5.0
## explicit
github.com/mholt/archiver/v3
# github.com/microcosm-cc/bluemonday v1.0.6
# github.com/microcosm-cc/bluemonday v1.0.7
## explicit
github.com/microcosm-cc/bluemonday
# github.com/miekg/dns v1.1.40

Write Preview
Loading…
Cancel
Save