1
1
mirror of https://github.com/go-gitea/gitea synced 2024-12-25 18:14:28 +00:00
gitea/modules/markup
6543 fb274ec54b
Prevent panic on fuzzer provided string (#14405) (#14409)
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-01-20 20:47:30 +02:00
..
common Don't replace underscores in auto-generated IDs in goldmark (#12805) 2020-09-12 12:00:48 -04:00
csv Detect delimiter in CSV rendering (#7869) 2019-08-16 01:09:50 +03:00
external Re-attempt to delete temporary upload if the file is locked by another process (#12447) 2020-08-11 21:05:34 +01:00
markdown Fix markdown meta parsing (#12817) 2020-09-12 21:48:47 -04:00
mdstripper Detect full references to issues and pulls in commit messages (#12399) 2020-08-06 20:20:05 +01:00
orgmode fix: media links in org files not liked to media files (#12997) 2020-10-01 11:22:34 -04:00
html_internal_test.go Issue/PR Context Popups (#9822) 2020-01-19 23:39:21 -05:00
html_test.go Prevent panic on fuzzer provided string (#14405) (#14409) 2021-01-20 20:47:30 +02:00
html.go Prevent panic on fuzzer provided string (#14405) (#14409) 2021-01-20 20:47:30 +02:00
markup_test.go Prioritize "readme.md" (#5691) 2019-01-14 14:15:06 -05:00
markup.go Don't manually replace whitespace during render (#10291) 2020-02-17 07:46:51 +02:00
sanitizer_test.go Restore checkbox rendering and prevent poor sanitization of spans (#11277) 2020-05-03 17:17:24 -03:00
sanitizer.go Add loading spinners and mermaid error handling (#12358) 2020-08-04 20:56:37 +01:00