* Upgrade to bluemonday 1.0.7 Fix #15349 Signed-off-by: Andrew Thornton <art27@cantab.net> * resolve unit test Co-authored-by: techknowlogick <techknowlogick@gitea.io>tags/v1.15.0-rc1
github.com/mgechev/revive v1.0.3 | github.com/mgechev/revive v1.0.3 | ||||
github.com/mholt/acmez v0.1.3 // indirect | github.com/mholt/acmez v0.1.3 // indirect | ||||
github.com/mholt/archiver/v3 v3.5.0 | github.com/mholt/archiver/v3 v3.5.0 | ||||
github.com/microcosm-cc/bluemonday v1.0.6 | |||||
github.com/microcosm-cc/bluemonday v1.0.7 | |||||
github.com/miekg/dns v1.1.40 // indirect | github.com/miekg/dns v1.1.40 // indirect | ||||
github.com/minio/md5-simd v1.1.2 // indirect | github.com/minio/md5-simd v1.1.2 // indirect | ||||
github.com/minio/minio-go/v7 v7.0.10 | github.com/minio/minio-go/v7 v7.0.10 |
github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= | github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= | ||||
github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE= | github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE= | ||||
github.com/mholt/archiver/v3 v3.5.0/go.mod h1:qqTTPUK/HZPFgFQ/TJ3BzvTpF/dPtFVJXdQbCmeMxwc= | github.com/mholt/archiver/v3 v3.5.0/go.mod h1:qqTTPUK/HZPFgFQ/TJ3BzvTpF/dPtFVJXdQbCmeMxwc= | ||||
github.com/microcosm-cc/bluemonday v1.0.6 h1:ZOvqHKtnx0fUpnbQm3m3zKFWE+DRC+XB1onh8JoEObE= | |||||
github.com/microcosm-cc/bluemonday v1.0.6/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI= | |||||
github.com/microcosm-cc/bluemonday v1.0.7 h1:6yAQfk4XT+PI/dk1ZeBp1gr3Q2Hd1DR0O3aEyPUJVTE= | |||||
github.com/microcosm-cc/bluemonday v1.0.7/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI= | |||||
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= | github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= | ||||
github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= | github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= | ||||
github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA= | github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA= |
`<p><a href="http://www.example.com/wpstyle/?p=364" rel="nofollow">http://www.example.com/wpstyle/?p=364</a></p>`) | `<p><a href="http://www.example.com/wpstyle/?p=364" rel="nofollow">http://www.example.com/wpstyle/?p=364</a></p>`) | ||||
test( | test( | ||||
"https://www.example.com/foo/?bar=baz&inga=42&quux", | "https://www.example.com/foo/?bar=baz&inga=42&quux", | ||||
`<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux=" rel="nofollow">https://www.example.com/foo/?bar=baz&inga=42&quux</a></p>`) | |||||
`<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux" rel="nofollow">https://www.example.com/foo/?bar=baz&inga=42&quux</a></p>`) | |||||
test( | test( | ||||
"http://142.42.1.1/", | "http://142.42.1.1/", | ||||
`<p><a href="http://142.42.1.1/" rel="nofollow">http://142.42.1.1/</a></p>`) | `<p><a href="http://142.42.1.1/" rel="nofollow">http://142.42.1.1/</a></p>`) |
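Review bot: The changed expectation for `?bar=baz&inga=42&quux` covers only a valueless key at the end of the query string, so two other outcomes of the sanitizer's query re-encoding stay unpinned: an explicit empty value (`quux=`) and a valueless key followed by further parameters. Because the sanitizer rewrites every `href` it lets through, a later bluemonday bump could change those forms again without this test noticing. I would add two sibling `test(...)` calls next to this one, with inputs `https://www.example.com/foo/?quux=&bar=baz` and `https://www.example.com/foo/?quux&bar=baz`, each asserting that the rendered `href` keeps every key's `=` (or its absence) exactly as written. The enclosing test function starts and ends outside the hunk, so such cases may already exist elsewhere in the file.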
// Query represents a query | // Query represents a query | ||||
type Query struct { | type Query struct { | ||||
Key string | |||||
Value string | |||||
Key string | |||||
Value string | |||||
HasValue bool | |||||
} | } | ||||
func parseQuery(query string) (values []Query, err error) { | func parseQuery(query string) (values []Query, err error) { | ||||
continue | continue | ||||
} | } | ||||
value := "" | value := "" | ||||
hasValue := false | |||||
if i := strings.Index(key, "="); i >= 0 { | if i := strings.Index(key, "="); i >= 0 { | ||||
key, value = key[:i], key[i+1:] | key, value = key[:i], key[i+1:] | ||||
hasValue = true | |||||
} | } | ||||
key, err1 := url.QueryUnescape(key) | key, err1 := url.QueryUnescape(key) | ||||
if err1 != nil { | if err1 != nil { | ||||
continue | continue | ||||
} | } | ||||
values = append(values, Query{ | values = append(values, Query{ | ||||
Key: key, | |||||
Value: value, | |||||
Key: key, | |||||
Value: value, | |||||
HasValue: hasValue, | |||||
}) | }) | ||||
} | } | ||||
return values, err | return values, err | ||||
var b strings.Builder | var b strings.Builder | ||||
for i, query := range queries { | for i, query := range queries { | ||||
b.WriteString(url.QueryEscape(query.Key)) | b.WriteString(url.QueryEscape(query.Key)) | ||||
b.WriteString("=") | |||||
b.WriteString(url.QueryEscape(query.Value)) | |||||
if query.HasValue { | |||||
b.WriteString("=") | |||||
b.WriteString(url.QueryEscape(query.Value)) | |||||
} | |||||
if i < len(queries)-1 { | if i < len(queries)-1 { | ||||
b.WriteString("&") | b.WriteString("&") | ||||
} | } | ||||
return aps, matched | return aps, matched | ||||
} | } | ||||
// normaliseElementName takes a HTML element like <script> which is user input | // normaliseElementName takes a HTML element like <script> which is user input | ||||
// and returns a lower case version of it that is immune to UTF-8 to ASCII | // and returns a lower case version of it that is immune to UTF-8 to ASCII | ||||
// conversion tricks (like the use of upper case cyrillic i scrİpt which a | // conversion tricks (like the use of upper case cyrillic i scrİpt which a | ||||
`"`), | `"`), | ||||
`"`, | `"`, | ||||
) | ) | ||||
} | |||||
} |
# github.com/mholt/archiver/v3 v3.5.0 | # github.com/mholt/archiver/v3 v3.5.0 | ||||
## explicit | ## explicit | ||||
github.com/mholt/archiver/v3 | github.com/mholt/archiver/v3 | ||||
# github.com/microcosm-cc/bluemonday v1.0.6 | |||||
# github.com/microcosm-cc/bluemonday v1.0.7 | |||||
## explicit | ## explicit | ||||
github.com/microcosm-cc/bluemonday | github.com/microcosm-cc/bluemonday | ||||
# github.com/miekg/dns v1.1.40 | # github.com/miekg/dns v1.1.40 |