mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-11-03 23:42:26 -06:00
[chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.24 to 1.0.25 (#2021)
This commit is contained in:
dependabot[bot]
GitHub
parent
b05f6c8f56
commit
81fe59dadc
6 changed files with 59 additions and 52 deletions
57
vendor/github.com/microcosm-cc/bluemonday/sanitize.go
generated
vendored
57
vendor/github.com/microcosm-cc/bluemonday/sanitize.go
generated
vendored
|
|
@ -95,41 +95,6 @@ func (p *Policy) SanitizeReaderToWriter(r io.Reader, w io.Writer) error {
|
|||
return p.sanitize(r, w)
|
||||
}
|
||||
|
||||
const escapedURLChars = "'<>\"\r"
|
||||
|
||||
func escapeUrlComponent(w stringWriterWriter, val string) error {
|
||||
i := strings.IndexAny(val, escapedURLChars)
|
||||
for i != -1 {
|
||||
if _, err := w.WriteString(val[:i]); err != nil {
|
||||
return err
|
||||
}
|
||||
var esc string
|
||||
switch val[i] {
|
||||
case '\'':
|
||||
// "'" is shorter than "'" and apos was not in HTML until HTML5.
|
||||
esc = "'"
|
||||
case '<':
|
||||
esc = "<"
|
||||
case '>':
|
||||
esc = ">"
|
||||
case '"':
|
||||
// """ is shorter than """.
|
||||
esc = """
|
||||
case '\r':
|
||||
esc = " "
|
||||
default:
|
||||
panic("unrecognized escape character")
|
||||
}
|
||||
val = val[i+1:]
|
||||
if _, err := w.WriteString(esc); err != nil {
|
||||
return err
|
||||
}
|
||||
i = strings.IndexAny(val, escapedURLChars)
|
||||
}
|
||||
_, err := w.WriteString(val)
|
||||
return err
|
||||
}
|
||||
|
||||
// Query represents a single part of the query string, a query param
|
||||
type Query struct {
|
||||
Key string
|
||||
|
|
@ -612,6 +577,14 @@ attrsLoop:
|
|||
case "audio", "embed", "iframe", "img", "script", "source", "track", "video":
|
||||
if htmlAttr.Key == "src" {
|
||||
if u, ok := p.validURL(htmlAttr.Val); ok {
|
||||
if p.srcRewriter != nil {
|
||||
parsedURL, err := url.Parse(u)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
p.srcRewriter(parsedURL)
|
||||
u = parsedURL.String()
|
||||
}
|
||||
htmlAttr.Val = u
|
||||
tmpAttrs = append(tmpAttrs, htmlAttr)
|
||||
}
|
||||
|
|
@ -970,14 +943,14 @@ func (p *Policy) validURL(rawurl string) (string, bool) {
|
|||
}
|
||||
|
||||
if u.Scheme != "" {
|
||||
for _, r := range p.allowURLSchemeRegexps {
|
||||
if r.MatchString(u.Scheme) {
|
||||
return u.String(), true
|
||||
}
|
||||
}
|
||||
|
||||
urlPolicies, ok := p.allowURLSchemes[u.Scheme]
|
||||
if !ok {
|
||||
for _, r := range p.allowURLSchemeRegexps {
|
||||
if r.MatchString(u.Scheme) {
|
||||
return u.String(), true
|
||||
}
|
||||
}
|
||||
|
||||
return "", false
|
||||
}
|
||||
|
||||
|
|
@ -986,7 +959,7 @@ func (p *Policy) validURL(rawurl string) (string, bool) {
|
|||
}
|
||||
|
||||
for _, urlPolicy := range urlPolicies {
|
||||
if urlPolicy(u) == true {
|
||||
if urlPolicy(u) {
|
||||
return u.String(), true
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue