Disallow dangerous url schemes (#25960)

Regression: https://github.com/go-gitea/gitea/pull/24805 Closes: #25945 - Disallow `javascript`, `vbscript` and `data` (data uri images still work) url schemes even if all other schemes are allowed - Fixed older `cbthunderlink` tests --------- Co-authored-by: delvh <dev.lh@web.de>
author: KN4CK3R <admin@oldschoolhack.me> 2023-07-18 17:18:37 +0200
committer: GitHub <noreply@github.com> 2023-07-18 15:18:37 +0000
commit: 8af96f585f83ff5c0000f0395dab52b02517abe3 (patch)
tree: 17bc1008b6c3c22460778ede11b5b5f8c466c390 /go.mod
parent: cc73e84fa355fa49e875b2d17319b3da70775e0d (diff)
download: gitea-8af96f585f83ff5c0000f0395dab52b02517abe3.tar.gz
gitea-8af96f585f83ff5c0000f0395dab52b02517abe3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/go.mod b/go.mod
index 99b25a2619..9ba54ed185 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.17
 	github.com/meilisearch/meilisearch-go v0.25.0
 	github.com/mholt/archiver/v3 v3.5.1
-	github.com/microcosm-cc/bluemonday v1.0.24
+	github.com/microcosm-cc/bluemonday v1.0.25
 	github.com/minio/minio-go/v7 v7.0.60
 	github.com/minio/sha256-simd v1.0.1
 	github.com/msteinert/pam v1.1.0
author	KN4CK3R <admin@oldschoolhack.me>	2023-07-18 17:18:37 +0200
committer	GitHub <noreply@github.com>	2023-07-18 15:18:37 +0000
commit	8af96f585f83ff5c0000f0395dab52b02517abe3 (patch)
tree	17bc1008b6c3c22460778ede11b5b5f8c466c390 /go.mod
parent	cc73e84fa355fa49e875b2d17319b3da70775e0d (diff)
download	gitea-8af96f585f83ff5c0000f0395dab52b02517abe3.tar.gz gitea-8af96f585f83ff5c0000f0395dab52b02517abe3.zip