gitea/modules/markup
KN4CK3R ab54310731
Disallow dangerous URL schemes (#25960) (#25964)
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 19:48:52 +00:00
..
asciicast Support asciicast files as new markup (#22448) 2023-01-18 08:46:58 +08:00
common Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
console Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
csv Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
external Log STDERR of external renderer when it fails (#22442) 2023-01-13 20:41:23 +00:00
markdown Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
mdstripper Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
orgmode Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
camo_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
camo.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
html_internal_test.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
html_test.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
html.go Add RTL rendering support to Markdown (#24816) 2023-05-20 23:02:52 +02:00
renderer_test.go Move IsReadmeFile* from modules/markup/ to modules/util (#22877) 2023-02-13 15:01:09 -05:00
renderer.go Add RTL rendering support to Markdown (#24816) 2023-05-20 23:02:52 +02:00
sanitizer_test.go Disallow dangerous URL schemes (#25960) (#25964) 2023-07-18 19:48:52 +00:00
sanitizer.go Disallow dangerous URL schemes (#25960) (#25964) 2023-07-18 19:48:52 +00:00