]> source.dussan.org Git - gitea.git/commit
projects / gitea.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b708968) | patch
Prevent panic on fuzzer provided string (#14405)
authorzeripath <art27@cantab.net>
Wed, 20 Jan 2021 15:10:50 +0000 (15:10 +0000)
committerGitHub <noreply@github.com>
Wed, 20 Jan 2021 15:10:50 +0000 (23:10 +0800)
commit172229966c9c69305d7b6b9b69552346343fe270
tree236fc5892fee943d2dc6bd882b423a5eab46264ctree | snapshot
parentb708968694841cb1df6038eaabb880d0fe59a7f4commit | diff
Prevent panic on fuzzer provided string (#14405)

* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>
* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>
modules/markup/html.go diff | blob | history
modules/markup/html_test.go diff | blob | history
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea