[chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.23 to 1.0.24 (#1843)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
parent
f620ee8da9
commit
049b02aab1
2
go.mod
2
go.mod
|
@ -34,7 +34,7 @@ require (
|
||||||
github.com/h2non/filetype v1.1.3
|
github.com/h2non/filetype v1.1.3
|
||||||
github.com/jackc/pgconn v1.14.0
|
github.com/jackc/pgconn v1.14.0
|
||||||
github.com/jackc/pgx/v5 v5.3.1
|
github.com/jackc/pgx/v5 v5.3.1
|
||||||
github.com/microcosm-cc/bluemonday v1.0.23
|
github.com/microcosm-cc/bluemonday v1.0.24
|
||||||
github.com/miekg/dns v1.1.54
|
github.com/miekg/dns v1.1.54
|
||||||
github.com/minio/minio-go/v7 v7.0.55
|
github.com/minio/minio-go/v7 v7.0.55
|
||||||
github.com/mitchellh/mapstructure v1.5.0
|
github.com/mitchellh/mapstructure v1.5.0
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -443,8 +443,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
|
||||||
github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
|
github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
|
||||||
github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
|
github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
|
||||||
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
|
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
|
||||||
github.com/microcosm-cc/bluemonday v1.0.23 h1:SMZe2IGa0NuHvnVNAZ+6B38gsTbi5e4sViiWJyDDqFY=
|
github.com/microcosm-cc/bluemonday v1.0.24 h1:NGQoPtwGVcbGkKfvyYk1yRqknzBuoMiUrO6R7uFTPlw=
|
||||||
github.com/microcosm-cc/bluemonday v1.0.23/go.mod h1:mN70sk7UkkF8TUr2IGBpNN0jAgStuPzlK76QuruE/z4=
|
github.com/microcosm-cc/bluemonday v1.0.24/go.mod h1:ArQySAMps0790cHSkdPEJ7bGkF2VePWH773hsJNSHf8=
|
||||||
github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
|
github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
|
||||||
github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
|
github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
|
||||||
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
|
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
|
||||||
|
|
|
@ -117,6 +117,10 @@ type Policy struct {
|
||||||
// returning true are allowed.
|
// returning true are allowed.
|
||||||
allowURLSchemes map[string][]urlPolicy
|
allowURLSchemes map[string][]urlPolicy
|
||||||
|
|
||||||
|
// These regexps are used to match allowed URL schemes, for example
|
||||||
|
// if one would want to allow all URL schemes, they would add `.+`
|
||||||
|
allowURLSchemeRegexps []*regexp.Regexp
|
||||||
|
|
||||||
// If an element has had all attributes removed as a result of a policy
|
// If an element has had all attributes removed as a result of a policy
|
||||||
// being applied, then the element would be removed from the output.
|
// being applied, then the element would be removed from the output.
|
||||||
//
|
//
|
||||||
|
@ -221,6 +225,7 @@ func (p *Policy) init() {
|
||||||
p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string][]stylePolicy)
|
p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string][]stylePolicy)
|
||||||
p.globalStyles = make(map[string][]stylePolicy)
|
p.globalStyles = make(map[string][]stylePolicy)
|
||||||
p.allowURLSchemes = make(map[string][]urlPolicy)
|
p.allowURLSchemes = make(map[string][]urlPolicy)
|
||||||
|
p.allowURLSchemeRegexps = make([]*regexp.Regexp, 0)
|
||||||
p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
|
p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
|
||||||
p.setOfElementsToSkipContent = make(map[string]struct{})
|
p.setOfElementsToSkipContent = make(map[string]struct{})
|
||||||
p.initialized = true
|
p.initialized = true
|
||||||
|
@ -563,6 +568,13 @@ func (p *Policy) AllowElementsMatching(regex *regexp.Regexp) *Policy {
|
||||||
return p
|
return p
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AllowURLSchemesMatching will append URL schemes to the allowlist if they
|
||||||
|
// match a regexp.
|
||||||
|
func (p *Policy) AllowURLSchemesMatching(r *regexp.Regexp) *Policy {
|
||||||
|
p.allowURLSchemeRegexps = append(p.allowURLSchemeRegexps, r)
|
||||||
|
return p
|
||||||
|
}
|
||||||
|
|
||||||
// RequireNoFollowOnLinks will result in all a, area, link tags having a
|
// RequireNoFollowOnLinks will result in all a, area, link tags having a
|
||||||
// rel="nofollow"added to them if one does not already exist
|
// rel="nofollow"added to them if one does not already exist
|
||||||
//
|
//
|
||||||
|
|
|
@ -852,6 +852,7 @@ func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.At
|
||||||
}
|
}
|
||||||
|
|
||||||
//Add semi-colon to end to fix parsing issue
|
//Add semi-colon to end to fix parsing issue
|
||||||
|
attr.Val = strings.TrimRight(attr.Val, " ")
|
||||||
if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' {
|
if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' {
|
||||||
attr.Val = attr.Val + ";"
|
attr.Val = attr.Val + ";"
|
||||||
}
|
}
|
||||||
|
@ -969,6 +970,11 @@ func (p *Policy) validURL(rawurl string) (string, bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if u.Scheme != "" {
|
if u.Scheme != "" {
|
||||||
|
for _, r := range p.allowURLSchemeRegexps {
|
||||||
|
if r.MatchString(u.Scheme) {
|
||||||
|
return u.String(), true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
urlPolicies, ok := p.allowURLSchemes[u.Scheme]
|
urlPolicies, ok := p.allowURLSchemes[u.Scheme]
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
|
@ -374,7 +374,7 @@ github.com/magiconair/properties
|
||||||
# github.com/mattn/go-isatty v0.0.18
|
# github.com/mattn/go-isatty v0.0.18
|
||||||
## explicit; go 1.15
|
## explicit; go 1.15
|
||||||
github.com/mattn/go-isatty
|
github.com/mattn/go-isatty
|
||||||
# github.com/microcosm-cc/bluemonday v1.0.23
|
# github.com/microcosm-cc/bluemonday v1.0.24
|
||||||
## explicit; go 1.19
|
## explicit; go 1.19
|
||||||
github.com/microcosm-cc/bluemonday
|
github.com/microcosm-cc/bluemonday
|
||||||
github.com/microcosm-cc/bluemonday/css
|
github.com/microcosm-cc/bluemonday/css
|
||||||
|
|
Loading…
Reference in New Issue