1
1
mirror of https://github.com/go-gitea/gitea synced 2025-10-26 17:08:25 +00:00

Upgrade to bluemonday 1.0.7 (#15379)

* Upgrade to bluemonday 1.0.7

Fix #15349

Signed-off-by: Andrew Thornton <art27@cantab.net>

* resolve unit test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
zeripath
2021-04-10 00:13:06 +01:00
committed by GitHub
parent 07aa3845f8
commit b9ed3cbc26
5 changed files with 18 additions and 13 deletions

View File

@@ -124,8 +124,9 @@ func escapeUrlComponent(val string) string {
// Query represents a query
type Query struct {
Key string
Value string
Key string
Value string
HasValue bool
}
func parseQuery(query string) (values []Query, err error) {
@@ -140,8 +141,10 @@ func parseQuery(query string) (values []Query, err error) {
continue
}
value := ""
hasValue := false
if i := strings.Index(key, "="); i >= 0 {
key, value = key[:i], key[i+1:]
hasValue = true
}
key, err1 := url.QueryUnescape(key)
if err1 != nil {
@@ -158,8 +161,9 @@ func parseQuery(query string) (values []Query, err error) {
continue
}
values = append(values, Query{
Key: key,
Value: value,
Key: key,
Value: value,
HasValue: hasValue,
})
}
return values, err
@@ -169,8 +173,10 @@ func encodeQueries(queries []Query) string {
var b strings.Builder
for i, query := range queries {
b.WriteString(url.QueryEscape(query.Key))
b.WriteString("=")
b.WriteString(url.QueryEscape(query.Value))
if query.HasValue {
b.WriteString("=")
b.WriteString(url.QueryEscape(query.Value))
}
if i < len(queries)-1 {
b.WriteString("&")
}
@@ -965,7 +971,6 @@ func (p *Policy) matchRegex(elementName string) (map[string]attrPolicy, bool) {
return aps, matched
}
// normaliseElementName takes a HTML element like <script> which is user input
// and returns a lower case version of it that is immune to UTF-8 to ASCII
// conversion tricks (like the use of upper case cyrillic i scrİpt which a
@@ -983,4 +988,4 @@ func normaliseElementName(str string) string {
`"`),
`"`,
)
}
}