summaryrefslogtreecommitdiff
path: root/vendor/github.com/yuin/goldmark/renderer/html/html.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/yuin/goldmark/renderer/html/html.go')
-rw-r--r--vendor/github.com/yuin/goldmark/renderer/html/html.go16
1 files changed, 10 insertions, 6 deletions
diff --git a/vendor/github.com/yuin/goldmark/renderer/html/html.go b/vendor/github.com/yuin/goldmark/renderer/html/html.go
index 7bf2ab808..72f7e74d8 100644
--- a/vendor/github.com/yuin/goldmark/renderer/html/html.go
+++ b/vendor/github.com/yuin/goldmark/renderer/html/html.go
@@ -901,20 +901,24 @@ var bVb = []byte("vbscript:")
var bFile = []byte("file:")
var bData = []byte("data:")
+func hasPrefix(s, prefix []byte) bool {
+ return len(s) >= len(prefix) && bytes.Equal(bytes.ToLower(s[0:len(prefix)]), bytes.ToLower(prefix))
+}
+
// IsDangerousURL returns true if the given url seems a potentially dangerous url,
// otherwise false.
func IsDangerousURL(url []byte) bool {
- if bytes.HasPrefix(url, bDataImage) && len(url) >= 11 {
+ if hasPrefix(url, bDataImage) && len(url) >= 11 {
v := url[11:]
- if bytes.HasPrefix(v, bPng) || bytes.HasPrefix(v, bGif) ||
- bytes.HasPrefix(v, bJpeg) || bytes.HasPrefix(v, bWebp) ||
- bytes.HasPrefix(v, bSvg) {
+ if hasPrefix(v, bPng) || hasPrefix(v, bGif) ||
+ hasPrefix(v, bJpeg) || hasPrefix(v, bWebp) ||
+ hasPrefix(v, bSvg) {
return false
}
return true
}
- return bytes.HasPrefix(url, bJs) || bytes.HasPrefix(url, bVb) ||
- bytes.HasPrefix(url, bFile) || bytes.HasPrefix(url, bData)
+ return hasPrefix(url, bJs) || hasPrefix(url, bVb) ||
+ hasPrefix(url, bFile) || hasPrefix(url, bData)
}
func nodeToHTMLText(n ast.Node, source []byte) []byte {