summaryrefslogtreecommitdiffstats
path: root/vendor
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-04-10 00:13:06 +0100
committerGitHub <noreply@github.com>2021-04-09 19:13:06 -0400
commitb9ed3cbc26ca20e0c88a66ed42dbc1268a2343bc (patch)
tree4979ed35cfe1aa219a70229a6c34b746dca3f648 /vendor
parent07aa3845f88b83c08b64ee6d96e250ac5d1359fc (diff)
downloadgitea-b9ed3cbc26ca20e0c88a66ed42dbc1268a2343bc.tar.gz
gitea-b9ed3cbc26ca20e0c88a66ed42dbc1268a2343bc.zip
Upgrade to bluemonday 1.0.7 (#15379)
* Upgrade to bluemonday 1.0.7 Fix #15349 Signed-off-by: Andrew Thornton <art27@cantab.net> * resolve unit test Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/microcosm-cc/bluemonday/sanitize.go21
-rw-r--r--vendor/modules.txt2
2 files changed, 14 insertions, 9 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
index 99559bbabe..f4d23551a3 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
@@ -124,8 +124,9 @@ func escapeUrlComponent(val string) string {
// Query represents a query
type Query struct {
- Key string
- Value string
+ Key string
+ Value string
+ HasValue bool
}
func parseQuery(query string) (values []Query, err error) {
@@ -140,8 +141,10 @@ func parseQuery(query string) (values []Query, err error) {
continue
}
value := ""
+ hasValue := false
if i := strings.Index(key, "="); i >= 0 {
key, value = key[:i], key[i+1:]
+ hasValue = true
}
key, err1 := url.QueryUnescape(key)
if err1 != nil {
@@ -158,8 +161,9 @@ func parseQuery(query string) (values []Query, err error) {
continue
}
values = append(values, Query{
- Key: key,
- Value: value,
+ Key: key,
+ Value: value,
+ HasValue: hasValue,
})
}
return values, err
@@ -169,8 +173,10 @@ func encodeQueries(queries []Query) string {
var b strings.Builder
for i, query := range queries {
b.WriteString(url.QueryEscape(query.Key))
- b.WriteString("=")
- b.WriteString(url.QueryEscape(query.Value))
+ if query.HasValue {
+ b.WriteString("=")
+ b.WriteString(url.QueryEscape(query.Value))
+ }
if i < len(queries)-1 {
b.WriteString("&")
}
@@ -965,7 +971,6 @@ func (p *Policy) matchRegex(elementName string) (map[string]attrPolicy, bool) {
return aps, matched
}
-
// normaliseElementName takes a HTML element like <script> which is user input
// and returns a lower case version of it that is immune to UTF-8 to ASCII
// conversion tricks (like the use of upper case cyrillic i scrÄ°pt which a
@@ -983,4 +988,4 @@ func normaliseElementName(str string) string {
`"`),
`"`,
)
-} \ No newline at end of file
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e0509e0a28..8ca9aed32d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -596,7 +596,7 @@ github.com/mholt/acmez/acme
# github.com/mholt/archiver/v3 v3.5.0
## explicit
github.com/mholt/archiver/v3
-# github.com/microcosm-cc/bluemonday v1.0.6
+# github.com/microcosm-cc/bluemonday v1.0.7
## explicit
github.com/microcosm-cc/bluemonday
# github.com/miekg/dns v1.1.40