Upgrade to bluemonday 1.0.7 (#15379)
authorzeripath <art27@cantab.net>
Fri, 9 Apr 2021 23:13:06 +0000 (00:13 +0100)
committerGitHub <noreply@github.com>
Fri, 9 Apr 2021 23:13:06 +0000 (19:13 -0400)
* Upgrade to bluemonday 1.0.7

Fix #15349

Signed-off-by: Andrew Thornton <art27@cantab.net>
* resolve unit test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
go.mod
go.sum
modules/markup/html_test.go
vendor/github.com/microcosm-cc/bluemonday/sanitize.go
vendor/modules.txt

diff --git a/go.mod b/go.mod
index af67337179b717712d4ef138aaa950a37402cb15..d9c4fbd2744663dd79d1e78d2e4056ae85225c8d 100644 (file)
--- a/go.mod
+++ b/go.mod
@@ -86,7 +86,7 @@ require (
        github.com/mgechev/revive v1.0.3
        github.com/mholt/acmez v0.1.3 // indirect
        github.com/mholt/archiver/v3 v3.5.0
-       github.com/microcosm-cc/bluemonday v1.0.6
+       github.com/microcosm-cc/bluemonday v1.0.7
        github.com/miekg/dns v1.1.40 // indirect
        github.com/minio/md5-simd v1.1.2 // indirect
        github.com/minio/minio-go/v7 v7.0.10
diff --git a/go.sum b/go.sum
index 68a3fe1c4e616304dd0cf82fb6719a505bd204da..794752c9786b9a5012627d8170c7060c41abd260 100644 (file)
--- a/go.sum
+++ b/go.sum
@@ -830,8 +830,8 @@ github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk=
 github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
 github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE=
 github.com/mholt/archiver/v3 v3.5.0/go.mod h1:qqTTPUK/HZPFgFQ/TJ3BzvTpF/dPtFVJXdQbCmeMxwc=
-github.com/microcosm-cc/bluemonday v1.0.6 h1:ZOvqHKtnx0fUpnbQm3m3zKFWE+DRC+XB1onh8JoEObE=
-github.com/microcosm-cc/bluemonday v1.0.6/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI=
+github.com/microcosm-cc/bluemonday v1.0.7 h1:6yAQfk4XT+PI/dk1ZeBp1gr3Q2Hd1DR0O3aEyPUJVTE=
+github.com/microcosm-cc/bluemonday v1.0.7/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA=
index a78b936f87f1c856d365a1a56d8837f23ad3e3d1..1e39be401ba0a5d3a4ab817450657e71a808b0c6 100644 (file)
@@ -124,7 +124,7 @@ func TestRender_links(t *testing.T) {
                `<p><a href="http://www.example.com/wpstyle/?p=364" rel="nofollow">http://www.example.com/wpstyle/?p=364</a></p>`)
        test(
                "https://www.example.com/foo/?bar=baz&inga=42&quux",
-               `<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux=" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`)
+               `<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`)
        test(
                "http://142.42.1.1/",
                `<p><a href="http://142.42.1.1/" rel="nofollow">http://142.42.1.1/</a></p>`)
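Review bot: The changed expectation in TestRender_links pins only the bare-key case (`quux` with no `=`), so nothing visible here checks that an explicit empty value still comes out of the sanitizer as `quux=`. Judging by the vendored sanitize.go change in this commit, the query string is now re-encoded differently depending on whether `=` was present, so both forms deserve a pinned expectation. I would add a companion case next to this one, `test("https://www.example.com/foo/?bar=baz&inga=42&quux=", ...)`, whose expected href keeps the trailing `=`, plus a short comment such as `// bare keys and empty values must survive sanitization unchanged`. The enclosing test function starts and ends outside this hunk, so such a case may already exist elsewhere in it.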
index 99559bbabe57f8fb5bfd69f0dfc265d2a6816db6..f4d23551a33c8ea3cfbed6d3d7954b1b411d3002 100644 (file)
@@ -124,8 +124,9 @@ func escapeUrlComponent(val string) string {
 
 // Query represents a query
 type Query struct {
-       Key   string
-       Value string
+       Key      string
+       Value    string
+       HasValue bool
 }
 
 func parseQuery(query string) (values []Query, err error) {
@@ -140,8 +141,10 @@ func parseQuery(query string) (values []Query, err error) {
                        continue
                }
                value := ""
+               hasValue := false
                if i := strings.Index(key, "="); i >= 0 {
                        key, value = key[:i], key[i+1:]
+                       hasValue = true
                }
                key, err1 := url.QueryUnescape(key)
                if err1 != nil {
@@ -158,8 +161,9 @@ func parseQuery(query string) (values []Query, err error) {
                        continue
                }
                values = append(values, Query{
-                       Key:   key,
-                       Value: value,
+                       Key:      key,
+                       Value:    value,
+                       HasValue: hasValue,
                })
        }
        return values, err
@@ -169,8 +173,10 @@ func encodeQueries(queries []Query) string {
        var b strings.Builder
        for i, query := range queries {
                b.WriteString(url.QueryEscape(query.Key))
-               b.WriteString("=")
-               b.WriteString(url.QueryEscape(query.Value))
+               if query.HasValue {
+                       b.WriteString("=")
+                       b.WriteString(url.QueryEscape(query.Value))
+               }
                if i < len(queries)-1 {
                        b.WriteString("&")
                }
@@ -965,7 +971,6 @@ func (p *Policy) matchRegex(elementName string) (map[string]attrPolicy, bool) {
        return aps, matched
 }
 
-
 // normaliseElementName takes a HTML element like <script> which is user input
 // and returns a lower case version of it that is immune to UTF-8 to ASCII
 // conversion tricks (like the use of upper case cyrillic i scrÄ°pt which a
@@ -983,4 +988,4 @@ func normaliseElementName(str string) string {
                        `"`),
                `"`,
        )
-}
\ No newline at end of file
+}
index e0509e0a28b86db1f7f5e22c0d6431780c1d86da..8ca9aed32d0172babc479a867a6e28f2f5c94dd8 100644 (file)
@@ -596,7 +596,7 @@ github.com/mholt/acmez/acme
 # github.com/mholt/archiver/v3 v3.5.0
 ## explicit
 github.com/mholt/archiver/v3
-# github.com/microcosm-cc/bluemonday v1.0.6
+# github.com/microcosm-cc/bluemonday v1.0.7
 ## explicit
 github.com/microcosm-cc/bluemonday
 # github.com/miekg/dns v1.1.40