Improve some sanitizer rules (#32534)

This is a backport-only fix for 1.22 1.23 has a proper fix #32533
2025-07-12 05:27:20 +00:00 · 2024-11-18 11:42:30 +08:00
parent 6555cfcac3
commit 578c02d652
3 changed files with 7 additions and 7 deletions
--- a/modules/markup/asciicast/asciicast.go
+++ b/modules/markup/asciicast/asciicast.go
@ -39,7 +39,7 @@ const (
 // SanitizerRules implements markup.Renderer
 func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	return []setting.MarkupSanitizerRule{
-		{Element: "div", AllowAttr: "class", Regexp: regexp.MustCompile(playerClassName)},
+		{Element: "div", AllowAttr: "class", Regexp: regexp.MustCompile("^" + playerClassName + "$")},
 		{Element: "div", AllowAttr: playerSrcAttr},
 	}
 }