diff options
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | modules/markup/html_test.go | 2 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/sanitize.go | 21 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
5 files changed, 18 insertions, 13 deletions
@@ -86,7 +86,7 @@ require ( github.com/mgechev/revive v1.0.3 github.com/mholt/acmez v0.1.3 // indirect github.com/mholt/archiver/v3 v3.5.0 - github.com/microcosm-cc/bluemonday v1.0.6 + github.com/microcosm-cc/bluemonday v1.0.7 github.com/miekg/dns v1.1.40 // indirect github.com/minio/md5-simd v1.1.2 // indirect github.com/minio/minio-go/v7 v7.0.10 @@ -830,8 +830,8 @@ github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE= github.com/mholt/archiver/v3 v3.5.0/go.mod h1:qqTTPUK/HZPFgFQ/TJ3BzvTpF/dPtFVJXdQbCmeMxwc= -github.com/microcosm-cc/bluemonday v1.0.6 h1:ZOvqHKtnx0fUpnbQm3m3zKFWE+DRC+XB1onh8JoEObE= -github.com/microcosm-cc/bluemonday v1.0.6/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI= +github.com/microcosm-cc/bluemonday v1.0.7 h1:6yAQfk4XT+PI/dk1ZeBp1gr3Q2Hd1DR0O3aEyPUJVTE= +github.com/microcosm-cc/bluemonday v1.0.7/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA= diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go index a78b936f87..1e39be401b 100644 --- a/modules/markup/html_test.go +++ b/modules/markup/html_test.go @@ -124,7 +124,7 @@ func TestRender_links(t *testing.T) { `<p><a href="http://www.example.com/wpstyle/?p=364" rel="nofollow">http://www.example.com/wpstyle/?p=364</a></p>`) test( "https://www.example.com/foo/?bar=baz&inga=42&quux", - `<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux=" rel="nofollow">https://www.example.com/foo/?bar=baz&inga=42&quux</a></p>`) + `<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux" rel="nofollow">https://www.example.com/foo/?bar=baz&inga=42&quux</a></p>`) test( "http://142.42.1.1/", `<p><a href="http://142.42.1.1/" rel="nofollow">http://142.42.1.1/</a></p>`) diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go index 99559bbabe..f4d23551a3 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go +++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go @@ -124,8 +124,9 @@ func escapeUrlComponent(val string) string { // Query represents a query type Query struct { - Key string - Value string + Key string + Value string + HasValue bool } func parseQuery(query string) (values []Query, err error) { @@ -140,8 +141,10 @@ func parseQuery(query string) (values []Query, err error) { continue } value := "" + hasValue := false if i := strings.Index(key, "="); i >= 0 { key, value = key[:i], key[i+1:] + hasValue = true } key, err1 := url.QueryUnescape(key) if err1 != nil { @@ -158,8 +161,9 @@ func parseQuery(query string) (values []Query, err error) { continue } values = append(values, Query{ - Key: key, - Value: value, + Key: key, + Value: value, + HasValue: hasValue, }) } return values, err @@ -169,8 +173,10 @@ func encodeQueries(queries []Query) string { var b strings.Builder for i, query := range queries { b.WriteString(url.QueryEscape(query.Key)) - b.WriteString("=") - b.WriteString(url.QueryEscape(query.Value)) + if query.HasValue { + b.WriteString("=") + b.WriteString(url.QueryEscape(query.Value)) + } if i < len(queries)-1 { b.WriteString("&") } @@ -965,7 +971,6 @@ func (p *Policy) matchRegex(elementName string) (map[string]attrPolicy, bool) { return aps, matched } - // normaliseElementName takes a HTML element like <script> which is user input // and returns a lower case version of it that is immune to UTF-8 to ASCII // conversion tricks (like the use of upper case cyrillic i scrÄ°pt which a @@ -983,4 +988,4 @@ func normaliseElementName(str string) string { `"`), `"`, ) -}
\ No newline at end of file +} diff --git a/vendor/modules.txt b/vendor/modules.txt index e0509e0a28..8ca9aed32d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -596,7 +596,7 @@ github.com/mholt/acmez/acme # github.com/mholt/archiver/v3 v3.5.0 ## explicit github.com/mholt/archiver/v3 -# github.com/microcosm-cc/bluemonday v1.0.6 +# github.com/microcosm-cc/bluemonday v1.0.7 ## explicit github.com/microcosm-cc/bluemonday # github.com/miekg/dns v1.1.40 |