mirror of
https://github.com/documize/community.git
synced 2025-07-31 19:19:43 +02:00
Bump version to 5.11.0
This commit is contained in:
Harvey Kandola
parent
a32510b8e6
commit
510e1bd0bd
370 changed files with 18825 additions and 5454 deletions
80
vendor/github.com/microcosm-cc/bluemonday/sanitize.go
generated
vendored
80
vendor/github.com/microcosm-cc/bluemonday/sanitize.go
generated
vendored
|
|
@ -95,41 +95,6 @@ func (p *Policy) SanitizeReaderToWriter(r io.Reader, w io.Writer) error {
|
|||
return p.sanitize(r, w)
|
||||
}
|
||||
|
||||
const escapedURLChars = "'<>\"\r"
|
||||
|
||||
func escapeUrlComponent(w stringWriterWriter, val string) error {
|
||||
i := strings.IndexAny(val, escapedURLChars)
|
||||
for i != -1 {
|
||||
if _, err := w.WriteString(val[:i]); err != nil {
|
||||
return err
|
||||
}
|
||||
var esc string
|
||||
switch val[i] {
|
||||
case '\'':
|
||||
// "'" is shorter than "'" and apos was not in HTML until HTML5.
|
||||
esc = "'"
|
||||
case '<':
|
||||
esc = "<"
|
||||
case '>':
|
||||
esc = ">"
|
||||
case '"':
|
||||
// """ is shorter than """.
|
||||
esc = """
|
||||
case '\r':
|
||||
esc = " "
|
||||
default:
|
||||
panic("unrecognized escape character")
|
||||
}
|
||||
val = val[i+1:]
|
||||
if _, err := w.WriteString(esc); err != nil {
|
||||
return err
|
||||
}
|
||||
i = strings.IndexAny(val, escapedURLChars)
|
||||
}
|
||||
_, err := w.WriteString(val)
|
||||
return err
|
||||
}
|
||||
|
||||
// Query represents a single part of the query string, a query param
|
||||
type Query struct {
|
||||
Key string
|
||||
|
|
@ -322,9 +287,7 @@ func (p *Policy) sanitize(r io.Reader, w io.Writer) error {
|
|||
aps = aa
|
||||
}
|
||||
if len(token.Attr) != 0 {
|
||||
token.Attr = escapeAttributes(
|
||||
p.sanitizeAttrs(token.Data, token.Attr, aps),
|
||||
)
|
||||
token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps)
|
||||
}
|
||||
|
||||
if len(token.Attr) == 0 {
|
||||
|
|
@ -434,7 +397,7 @@ func (p *Policy) sanitize(r io.Reader, w io.Writer) error {
|
|||
}
|
||||
|
||||
if len(token.Attr) != 0 {
|
||||
token.Attr = escapeAttributes(p.sanitizeAttrs(token.Data, token.Attr, aps))
|
||||
token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps)
|
||||
}
|
||||
|
||||
if len(token.Attr) == 0 && !p.allowNoAttrs(token.Data) {
|
||||
|
|
@ -442,8 +405,8 @@ func (p *Policy) sanitize(r io.Reader, w io.Writer) error {
|
|||
if _, err := buff.WriteString(" "); err != nil {
|
||||
return err
|
||||
}
|
||||
break
|
||||
}
|
||||
break
|
||||
}
|
||||
if !skipElementContent {
|
||||
if _, err := buff.WriteString(token.String()); err != nil {
|
||||
|
|
@ -565,11 +528,9 @@ attrsLoop:
|
|||
for _, ap := range apl {
|
||||
if ap.regexp != nil {
|
||||
if ap.regexp.MatchString(htmlAttr.Val) {
|
||||
htmlAttr.Val = escapeAttribute(htmlAttr.Val)
|
||||
cleanAttrs = append(cleanAttrs, htmlAttr)
|
||||
}
|
||||
} else {
|
||||
htmlAttr.Val = escapeAttribute(htmlAttr.Val)
|
||||
cleanAttrs = append(cleanAttrs, htmlAttr)
|
||||
}
|
||||
}
|
||||
|
|
@ -616,6 +577,14 @@ attrsLoop:
|
|||
case "audio", "embed", "iframe", "img", "script", "source", "track", "video":
|
||||
if htmlAttr.Key == "src" {
|
||||
if u, ok := p.validURL(htmlAttr.Val); ok {
|
||||
if p.srcRewriter != nil {
|
||||
parsedURL, err := url.Parse(u)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
p.srcRewriter(parsedURL)
|
||||
u = parsedURL.String()
|
||||
}
|
||||
htmlAttr.Val = u
|
||||
tmpAttrs = append(tmpAttrs, htmlAttr)
|
||||
}
|
||||
|
|
@ -856,6 +825,7 @@ func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.At
|
|||
}
|
||||
|
||||
//Add semi-colon to end to fix parsing issue
|
||||
attr.Val = strings.TrimRight(attr.Val, " ")
|
||||
if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' {
|
||||
attr.Val = attr.Val + ";"
|
||||
}
|
||||
|
|
@ -973,9 +943,14 @@ func (p *Policy) validURL(rawurl string) (string, bool) {
|
|||
}
|
||||
|
||||
if u.Scheme != "" {
|
||||
|
||||
urlPolicies, ok := p.allowURLSchemes[u.Scheme]
|
||||
if !ok {
|
||||
for _, r := range p.allowURLSchemeRegexps {
|
||||
if r.MatchString(u.Scheme) {
|
||||
return u.String(), true
|
||||
}
|
||||
}
|
||||
|
||||
return "", false
|
||||
}
|
||||
|
||||
|
|
@ -984,7 +959,7 @@ func (p *Policy) validURL(rawurl string) (string, bool) {
|
|||
}
|
||||
|
||||
for _, urlPolicy := range urlPolicies {
|
||||
if urlPolicy(u) == true {
|
||||
if urlPolicy(u) {
|
||||
return u.String(), true
|
||||
}
|
||||
}
|
||||
|
|
@ -1023,7 +998,7 @@ func linkable(elementName string) bool {
|
|||
// stringInSlice returns true if needle exists in haystack
|
||||
func stringInSlice(needle string, haystack []string) bool {
|
||||
for _, straw := range haystack {
|
||||
if strings.ToLower(straw) == strings.ToLower(needle) {
|
||||
if strings.EqualFold(straw, needle) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
@ -1112,18 +1087,3 @@ func normaliseElementName(str string) string {
|
|||
`"`,
|
||||
)
|
||||
}
|
||||
|
||||
func escapeAttributes(attrs []html.Attribute) []html.Attribute {
|
||||
escapedAttrs := []html.Attribute{}
|
||||
for _, attr := range attrs {
|
||||
attr.Val = escapeAttribute(attr.Val)
|
||||
escapedAttrs = append(escapedAttrs, attr)
|
||||
}
|
||||
return escapedAttrs
|
||||
}
|
||||
|
||||
func escapeAttribute(val string) string {
|
||||
val = strings.Replace(val, string([]rune{'\u00A0'}), ` `, -1)
|
||||
val = strings.Replace(val, `"`, `"`, -1)
|
||||
return val
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue