diff options
| author |  dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2023-07-24 10:21:14 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-07-24 10:21:14 +0000 |
| commit | b05f6c8f56684cca0754dadfe673b9a13db6ab42 (patch) | |
| tree | bc4d52ae6e83e3ed06ff80268bb08be7b7184a78 /vendor/github.com/yuin/goldmark/renderer/html/html.go | |
| parent | [chore]: Bump codeberg.org/gruf/go-cache/v3 from 3.4.1 to 3.4.3 (#2022) (diff) | |
| download | gotosocial-b05f6c8f56684cca0754dadfe673b9a13db6ab42.tar.xz | |
[chore]: Bump github.com/yuin/goldmark from 1.5.4 to 1.5.5 (#2023)
Diffstat (limited to 'vendor/github.com/yuin/goldmark/renderer/html/html.go')
| -rw-r--r-- | vendor/github.com/yuin/goldmark/renderer/html/html.go | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/vendor/github.com/yuin/goldmark/renderer/html/html.go b/vendor/github.com/yuin/goldmark/renderer/html/html.go index 7bf2ab808..72f7e74d8 100644 --- a/vendor/github.com/yuin/goldmark/renderer/html/html.go +++ b/vendor/github.com/yuin/goldmark/renderer/html/html.go @@ -901,20 +901,24 @@ var bVb = []byte("vbscript:") var bFile = []byte("file:") var bData = []byte("data:") +func hasPrefix(s, prefix []byte) bool { + return len(s) >= len(prefix) && bytes.Equal(bytes.ToLower(s[0:len(prefix)]), bytes.ToLower(prefix)) +} + // IsDangerousURL returns true if the given url seems a potentially dangerous url, // otherwise false. func IsDangerousURL(url []byte) bool { - if bytes.HasPrefix(url, bDataImage) && len(url) >= 11 { + if hasPrefix(url, bDataImage) && len(url) >= 11 { v := url[11:] - if bytes.HasPrefix(v, bPng) || bytes.HasPrefix(v, bGif) || - bytes.HasPrefix(v, bJpeg) || bytes.HasPrefix(v, bWebp) || - bytes.HasPrefix(v, bSvg) { + if hasPrefix(v, bPng) || hasPrefix(v, bGif) || + hasPrefix(v, bJpeg) || hasPrefix(v, bWebp) || + hasPrefix(v, bSvg) { return false } return true } - return bytes.HasPrefix(url, bJs) || bytes.HasPrefix(url, bVb) || - bytes.HasPrefix(url, bFile) || bytes.HasPrefix(url, bData) + return hasPrefix(url, bJs) || hasPrefix(url, bVb) || + hasPrefix(url, bFile) || hasPrefix(url, bData) } func nodeToHTMLText(n ast.Node, source []byte) []byte { |