diff options
| author |  dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2023-05-29 14:03:08 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-05-29 14:03:08 +0100 |
| commit | 049b02aab13190b3b12d2a255e30c955f02f9da2 (patch) | |
| tree | d622e3e5ff5cab00b0eb6a9e6ac34f39544f8797 /vendor/github.com/microcosm-cc/bluemonday/sanitize.go | |
| parent | [chore]: Bump github.com/coreos/go-oidc/v3 from 3.5.0 to 3.6.0 (#1840) (diff) | |
| download | gotosocial-049b02aab13190b3b12d2a255e30c955f02f9da2.tar.xz | |
[chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.23 to 1.0.24 (#1843)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Diffstat (limited to 'vendor/github.com/microcosm-cc/bluemonday/sanitize.go')
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/sanitize.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go index 104614583..9121aefb0 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go +++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go @@ -852,6 +852,7 @@ func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.At } //Add semi-colon to end to fix parsing issue + attr.Val = strings.TrimRight(attr.Val, " ") if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' { attr.Val = attr.Val + ";" } @@ -969,6 +970,11 @@ func (p *Policy) validURL(rawurl string) (string, bool) { } if u.Scheme != "" { + for _, r := range p.allowURLSchemeRegexps { + if r.MatchString(u.Scheme) { + return u.String(), true + } + } urlPolicies, ok := p.allowURLSchemes[u.Scheme] if !ok { |