diff options
| author | zeripath <art27@cantab.net> | 2020-02-28 20:05:12 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-28 20:05:12 +0000 |
| commit | 154b137b6d97e11c3d52d3b5844d61f8f14d26b9 (patch) | |
| tree | 8c106401666bce0f394c11a3ec18b290cff89b4c /modules/markup/html_test.go | |
| parent | e0ecddc11b799800262363808a1f440a6219dff1 (diff) | |
| download | gitea-154b137b6d97e11c3d52d3b5844d61f8f14d26b9.tar.gz gitea-154b137b6d97e11c3d52d3b5844d61f8f14d26b9.zip | |
Relax sanitization as per https://github.com/jch/html-pipeline (#10527)
Looking at github/markup#245 it is clear that GH uses https://github.com/jch/html-pipeline to sanitize. This PR relaxes our sanitization to more closely match this.
Fixes #10471
and likely others...
Diffstat (limited to 'modules/markup/html_test.go')
| -rw-r--r-- | modules/markup/html_test.go | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go index 45145b4025..6dcecc4956 100644 --- a/modules/markup/html_test.go +++ b/modules/markup/html_test.go @@ -267,8 +267,8 @@ func TestRender_ShortLinks(t *testing.T) { `<p><a href="`+imgurlWiki+`" rel="nofollow"><img src="`+imgurlWiki+`" title="Link.jpg" alt="Link.jpg"/></a></p>`) test( "[["+favicon+"]]", - `<p><a href="`+favicon+`" rel="nofollow"><img src="`+favicon+`" title="favicon.ico"/></a></p>`, - `<p><a href="`+favicon+`" rel="nofollow"><img src="`+favicon+`" title="favicon.ico"/></a></p>`) + `<p><a href="`+favicon+`" rel="nofollow"><img src="`+favicon+`" title="favicon.ico" alt="`+favicon+`"/></a></p>`, + `<p><a href="`+favicon+`" rel="nofollow"><img src="`+favicon+`" title="favicon.ico" alt="`+favicon+`"/></a></p>`) test( "[[Name|Link]]", `<p><a href="`+url+`" rel="nofollow">Name</a></p>`, @@ -311,16 +311,16 @@ func TestRender_ShortLinks(t *testing.T) { `<p><a href="`+urlWiki+`" rel="nofollow">Link</a> <a href="`+otherURLWiki+`" rel="nofollow">Other Link</a> <a href="`+encodedURLWiki+`" rel="nofollow">Link?</a></p>`) test( "[[Link #.jpg]]", - `<p><a href="`+encodedImgurl+`" rel="nofollow"><img src="`+encodedImgurl+`"/></a></p>`, - `<p><a href="`+encodedImgurlWiki+`" rel="nofollow"><img src="`+encodedImgurlWiki+`"/></a></p>`) + `<p><a href="`+encodedImgurl+`" rel="nofollow"><img src="`+encodedImgurl+`" title="Link #.jpg" alt="Link #.jpg"/></a></p>`, + `<p><a href="`+encodedImgurlWiki+`" rel="nofollow"><img src="`+encodedImgurlWiki+`" title="Link #.jpg" alt="Link #.jpg"/></a></p>`) test( "[[Name|Link #.jpg|alt=\"AltName\"|title='Title']]", `<p><a href="`+encodedImgurl+`" rel="nofollow"><img src="`+encodedImgurl+`" title="Title" alt="AltName"/></a></p>`, `<p><a href="`+encodedImgurlWiki+`" rel="nofollow"><img src="`+encodedImgurlWiki+`" title="Title" alt="AltName"/></a></p>`) test( "[[some/path/Link #.jpg]]", - `<p><a href="`+notencodedImgurl+`" rel="nofollow"><img src="`+notencodedImgurl+`"/></a></p>`, - `<p><a href="`+notencodedImgurlWiki+`" rel="nofollow"><img src="`+notencodedImgurlWiki+`"/></a></p>`) + `<p><a href="`+notencodedImgurl+`" rel="nofollow"><img src="`+notencodedImgurl+`" title="Link #.jpg" alt="some/path/Link #.jpg"/></a></p>`, + `<p><a href="`+notencodedImgurlWiki+`" rel="nofollow"><img src="`+notencodedImgurlWiki+`" title="Link #.jpg" alt="some/path/Link #.jpg"/></a></p>`) test( "<p><a href=\"https://example.org\">[[foobar]]</a></p>", `<p><a href="https://example.org" rel="nofollow">[[foobar]]</a></p>`, |