]> source.dussan.org Git - gitea.git/commit
projects / gitea.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b7d054e) | patch
Disallow dangerous URL schemes (#25960) (#25964)
authorKN4CK3R <admin@oldschoolhack.me>
Tue, 18 Jul 2023 19:48:52 +0000 (21:48 +0200)
committerGitHub <noreply@github.com>
Tue, 18 Jul 2023 19:48:52 +0000 (19:48 +0000)
commitab54310731411c09ff41b8eb75eb6a3691768d06
tree9564afffe2143623800ed208720bc64547642e1btree | snapshot
parentb7d054e4b5ccabbc1bf10824b6e3483a53c437f9commit | diff
Disallow dangerous URL schemes (#25960) (#25964)

Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945
- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
go.mod diff | blob | history
go.sum diff | blob | history
modules/markup/sanitizer.go diff | blob | history
modules/markup/sanitizer_test.go diff | blob | history
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea