summaryrefslogtreecommitdiff
path: root/vendor/github.com
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com')
-rw-r--r--vendor/github.com/microcosm-cc/bluemonday/policy.go12
-rw-r--r--vendor/github.com/microcosm-cc/bluemonday/sanitize.go6
2 files changed, 18 insertions, 0 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/policy.go b/vendor/github.com/microcosm-cc/bluemonday/policy.go
index c446fad0f..995f46c2d 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/policy.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/policy.go
@@ -117,6 +117,10 @@ type Policy struct {
// returning true are allowed.
allowURLSchemes map[string][]urlPolicy
+ // These regexps are used to match allowed URL schemes, for example
+ // if one would want to allow all URL schemes, they would add `.+`
+ allowURLSchemeRegexps []*regexp.Regexp
+
// If an element has had all attributes removed as a result of a policy
// being applied, then the element would be removed from the output.
//
@@ -221,6 +225,7 @@ func (p *Policy) init() {
p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string][]stylePolicy)
p.globalStyles = make(map[string][]stylePolicy)
p.allowURLSchemes = make(map[string][]urlPolicy)
+ p.allowURLSchemeRegexps = make([]*regexp.Regexp, 0)
p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
p.setOfElementsToSkipContent = make(map[string]struct{})
p.initialized = true
@@ -563,6 +568,13 @@ func (p *Policy) AllowElementsMatching(regex *regexp.Regexp) *Policy {
return p
}
+// AllowURLSchemesMatching will append URL schemes to the allowlist if they
+// match a regexp.
+func (p *Policy) AllowURLSchemesMatching(r *regexp.Regexp) *Policy {
+ p.allowURLSchemeRegexps = append(p.allowURLSchemeRegexps, r)
+ return p
+}
+
// RequireNoFollowOnLinks will result in all a, area, link tags having a
// rel="nofollow"added to them if one does not already exist
//
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
index 104614583..9121aefb0 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
@@ -852,6 +852,7 @@ func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.At
}
//Add semi-colon to end to fix parsing issue
+ attr.Val = strings.TrimRight(attr.Val, " ")
if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' {
attr.Val = attr.Val + ";"
}
@@ -969,6 +970,11 @@ func (p *Policy) validURL(rawurl string) (string, bool) {
}
if u.Scheme != "" {
+ for _, r := range p.allowURLSchemeRegexps {
+ if r.MatchString(u.Scheme) {
+ return u.String(), true
+ }
+ }
urlPolicies, ok := p.allowURLSchemes[u.Scheme]
if !ok {
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-15 06:20:20 +0000