SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity

[chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.23 to 1.0.24 (#1843)

Browse Source 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
dependabot[bot]
2023-05-29 14:03:08 +01:00
committed by GitHub
parent f620ee8da9
commit 049b02aab1
5 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
vendor/github.com/microcosm-cc/bluemonday/policy.go generated vendored
View File

@ -117,6 +117,10 @@ type Policy struct {
// returning true are allowed.
allowURLSchemes map[string][]urlPolicy
// These regexps are used to match allowed URL schemes, for example
// if one would want to allow all URL schemes, they would add `.+`
allowURLSchemeRegexps []*regexp.Regexp
// If an element has had all attributes removed as a result of a policy
// being applied, then the element would be removed from the output.
//
@ -221,6 +225,7 @@ func (p *Policy) init() {
p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string][]stylePolicy)
p.globalStyles = make(map[string][]stylePolicy)
p.allowURLSchemes = make(map[string][]urlPolicy)
p.allowURLSchemeRegexps = make([]*regexp.Regexp, 0)
p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
p.setOfElementsToSkipContent = make(map[string]struct{})
p.initialized = true
@ -563,6 +568,13 @@ func (p *Policy) AllowElementsMatching(regex *regexp.Regexp) *Policy {
return p
}
// AllowURLSchemesMatching will append URL schemes to the allowlist if they
// match a regexp.
func (p *Policy) AllowURLSchemesMatching(r *regexp.Regexp) *Policy {
p.allowURLSchemeRegexps = append(p.allowURLSchemeRegexps, r)
return p
}
// RequireNoFollowOnLinks will result in all a, area, link tags having a
// rel="nofollow"added to them if one does not already exist
//

6
vendor/github.com/microcosm-cc/bluemonday/sanitize.go generated vendored
View File

@ -852,6 +852,7 @@ func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.At
}
//Add semi-colon to end to fix parsing issue
attr.Val = strings.TrimRight(attr.Val, " ")
if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' {
attr.Val = attr.Val + ";"
}
@ -969,6 +970,11 @@ func (p *Policy) validURL(rawurl string) (string, bool) {
}
if u.Scheme != "" {
for _, r := range p.allowURLSchemeRegexps {
if r.MatchString(u.Scheme) {
return u.String(), true
}
}
urlPolicies, ok := p.allowURLSchemes[u.Scheme]
if !ok {