author | zeripath <art27@cantab.net> | 2021-04-10 00:13:06 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-09 19:13:06 -0400 |
commit | b9ed3cbc26ca20e0c88a66ed42dbc1268a2343bc (patch) | |
tree | 4979ed35cfe1aa219a70229a6c34b746dca3f648 /vendor | |
parent | 07aa3845f88b83c08b64ee6d96e250ac5d1359fc (diff) | |
Upgrade to bluemonday 1.0.7 (#15379)
* Upgrade to bluemonday 1.0.7
Fix #15349
Signed-off-by: Andrew Thornton <art27@cantab.net>
* resolve unit test
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'vendor')
-rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/sanitize.go | 21 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
2 files changed, 14 insertions, 9 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
index 99559bbabe..f4d23551a3 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
@@ -124,8 +124,9 @@ func escapeUrlComponent(val string) string {
 // Query represents a query
 type Query struct {
- Key string
- Value string
+ Key string
+ Value string
+ HasValue bool
 }
 func parseQuery(query string) (values []Query, err error) {
@@ -140,8 +141,10 @@ func parseQuery(query string) (values []Query, err error) {
 continue
 }
 value := ""
+ hasValue := false
 if i := strings.Index(key, "="); i >= 0 {
 key, value = key[:i], key[i+1:]
+ hasValue = true
 }
 key, err1 := url.QueryUnescape(key)
 if err1 != nil {
@@ -158,8 +161,9 @@ func parseQuery(query string) (values []Query, err error) {
 continue
 }
 values = append(values, Query{
- Key: key,
- Value: value,
+ Key: key,
+ Value: value,
+ HasValue: hasValue,
 })
 }
 return values, err
@@ -169,8 +173,10 @@ func encodeQueries(queries []Query) string {
 var b strings.Builder
 for i, query := range queries {
 b.WriteString(url.QueryEscape(query.Key))
- b.WriteString("=")
- b.WriteString(url.QueryEscape(query.Value))
+ if query.HasValue {
+ b.WriteString("=")
+ b.WriteString(url.QueryEscape(query.Value))
+ }
 if i < len(queries)-1 {
 b.WriteString("&")
 }
@@ -965,7 +971,6 @@ func (p *Policy) matchRegex(elementName string) (map[string]attrPolicy, bool) {
 return aps, matched
 }
-
 // normaliseElementName takes a HTML element like <script> which is user input
 // and returns a lower case version of it that is immune to UTF-8 to ASCII
 // conversion tricks (like the use of upper case cyrillic i scrÄ°pt which a
@@ -983,4 +988,4 @@ func normaliseElementName(str string) string {
 `"`),
 `"`,
 )
-}
\ No newline at end of file
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e0509e0a28..8ca9aed32d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -596,7 +596,7 @@ github.com/mholt/acmez/acme
 # github.com/mholt/archiver/v3 v3.5.0
 ## explicit
 github.com/mholt/archiver/v3
-# github.com/microcosm-cc/bluemonday v1.0.6
+# github.com/microcosm-cc/bluemonday v1.0.7
 ## explicit
 github.com/microcosm-cc/bluemonday
 # github.com/miekg/dns v1.1.40 |