forgejo/modules/markup
Gusted 3a197f7de2
fix: strict matching of allowed content for sanitizer
- _Simply_ add `^$` to regexp that didn't have it yet, this avoids any
content being allowed that simply had the allowed content as a
substring.
- Fix file-preview regex to have `$` instead of `*`.

(cherry picked from commit 7067cc7da4)

v7: added fix for ref-issue, this is already fixed in forgejo branch but
not backported as it was part of a feature.
2024-11-15 11:59:35 +01:00
asciicast Support asciicast files as new markup (#22448) 2023-01-18 08:46:58 +08:00
common [GITEA] test markdown CleanValue to prevent regression 2024-02-05 16:09:41 +01:00
console enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
csv enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
external Rework markup link rendering (#26745) 2024-01-15 08:49:24 +00:00
markdown chore(lint): make testifylint happy 2024-08-04 12:35:20 +02:00
mdstripper Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
orgmode enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
tests/repo/repo1_filepreview [v7.0/forgejo] Render inline file permalinks 2024-04-01 16:15:58 +02:00
camo.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
camo_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
file_preview.go Fix issue where rendering stops after the first invalid permalink 2024-04-20 10:24:54 +00:00
html.go Fix IsObjectExist with gogit (#31790) (#31806) 2024-08-11 09:41:23 +02:00
html_internal_test.go [BUG] Render references to cross-repo issues with external issues 2024-08-07 05:43:12 +00:00
html_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
renderer.go [v7.0/forgejo] Render inline file permalinks 2024-04-01 16:15:58 +02:00
renderer_test.go Move IsReadmeFile* from modules/markup/ to modules/util (#22877) 2023-02-13 15:01:09 -05:00
sanitizer.go fix: strict matching of allowed content for sanitizer 2024-11-15 11:59:35 +01:00
sanitizer_test.go disallow javascript: URI in the repository description 2024-08-09 05:57:13 +00:00