diff options
Diffstat (limited to 'vendor/github.com/microcosm-cc/bluemonday/sanitize.go')
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/sanitize.go | 57 |
1 files changed, 15 insertions, 42 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go index 9121aefb0..2792fb33b 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go +++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go @@ -95,41 +95,6 @@ func (p *Policy) SanitizeReaderToWriter(r io.Reader, w io.Writer) error { return p.sanitize(r, w) } -const escapedURLChars = "'<>\"\r" - -func escapeUrlComponent(w stringWriterWriter, val string) error { - i := strings.IndexAny(val, escapedURLChars) - for i != -1 { - if _, err := w.WriteString(val[:i]); err != nil { - return err - } - var esc string - switch val[i] { - case '\'': - // "'" is shorter than "'" and apos was not in HTML until HTML5. - esc = "'" - case '<': - esc = "<" - case '>': - esc = ">" - case '"': - // """ is shorter than """. - esc = """ - case '\r': - esc = " " - default: - panic("unrecognized escape character") - } - val = val[i+1:] - if _, err := w.WriteString(esc); err != nil { - return err - } - i = strings.IndexAny(val, escapedURLChars) - } - _, err := w.WriteString(val) - return err -} - // Query represents a single part of the query string, a query param type Query struct { Key string @@ -612,6 +577,14 @@ attrsLoop: case "audio", "embed", "iframe", "img", "script", "source", "track", "video": if htmlAttr.Key == "src" { if u, ok := p.validURL(htmlAttr.Val); ok { + if p.srcRewriter != nil { + parsedURL, err := url.Parse(u) + if err != nil { + fmt.Println(err) + } + p.srcRewriter(parsedURL) + u = parsedURL.String() + } htmlAttr.Val = u tmpAttrs = append(tmpAttrs, htmlAttr) } @@ -970,14 +943,14 @@ func (p *Policy) validURL(rawurl string) (string, bool) { } if u.Scheme != "" { - for _, r := range p.allowURLSchemeRegexps { - if r.MatchString(u.Scheme) { - return u.String(), true - } - } - urlPolicies, ok := p.allowURLSchemes[u.Scheme] if !ok { + for _, r := range p.allowURLSchemeRegexps { + if r.MatchString(u.Scheme) { + return u.String(), true + } + } + return "", false } @@ -986,7 +959,7 @@ func (p *Policy) validURL(rawurl string) (string, bool) { } for _, urlPolicy := range urlPolicies { - if urlPolicy(u) == true { + if urlPolicy(u) { return u.String(), true } } |