diff options
Diffstat (limited to 'vendor')
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/policy.go | 12 | ||||
| -rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/sanitize.go | 6 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
3 files changed, 19 insertions, 1 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/policy.go b/vendor/github.com/microcosm-cc/bluemonday/policy.go index c446fad0f..995f46c2d 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/policy.go +++ b/vendor/github.com/microcosm-cc/bluemonday/policy.go @@ -117,6 +117,10 @@ type Policy struct { // returning true are allowed. allowURLSchemes map[string][]urlPolicy + // These regexps are used to match allowed URL schemes, for example + // if one would want to allow all URL schemes, they would add `.+` + allowURLSchemeRegexps []*regexp.Regexp + // If an element has had all attributes removed as a result of a policy // being applied, then the element would be removed from the output. // @@ -221,6 +225,7 @@ func (p *Policy) init() { p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string][]stylePolicy) p.globalStyles = make(map[string][]stylePolicy) p.allowURLSchemes = make(map[string][]urlPolicy) + p.allowURLSchemeRegexps = make([]*regexp.Regexp, 0) p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{}) p.setOfElementsToSkipContent = make(map[string]struct{}) p.initialized = true @@ -563,6 +568,13 @@ func (p *Policy) AllowElementsMatching(regex *regexp.Regexp) *Policy { return p } +// AllowURLSchemesMatching will append URL schemes to the allowlist if they +// match a regexp. +func (p *Policy) AllowURLSchemesMatching(r *regexp.Regexp) *Policy { + p.allowURLSchemeRegexps = append(p.allowURLSchemeRegexps, r) + return p +} + // RequireNoFollowOnLinks will result in all a, area, link tags having a // rel="nofollow"added to them if one does not already exist // diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go index 104614583..9121aefb0 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go +++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go @@ -852,6 +852,7 @@ func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.At } //Add semi-colon to end to fix parsing issue + attr.Val = strings.TrimRight(attr.Val, " ") if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' { attr.Val = attr.Val + ";" } @@ -969,6 +970,11 @@ func (p *Policy) validURL(rawurl string) (string, bool) { } if u.Scheme != "" { + for _, r := range p.allowURLSchemeRegexps { + if r.MatchString(u.Scheme) { + return u.String(), true + } + } urlPolicies, ok := p.allowURLSchemes[u.Scheme] if !ok { diff --git a/vendor/modules.txt b/vendor/modules.txt index 3977421e9..ae48d100f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -374,7 +374,7 @@ github.com/magiconair/properties # github.com/mattn/go-isatty v0.0.18 ## explicit; go 1.15 github.com/mattn/go-isatty -# github.com/microcosm-cc/bluemonday v1.0.23 +# github.com/microcosm-cc/bluemonday v1.0.24 ## explicit; go 1.19 github.com/microcosm-cc/bluemonday github.com/microcosm-cc/bluemonday/css |