forgejo/modules/markup
KN4CK3R 8af96f585f
Disallow dangerous url schemes (#25960)
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 15:18:37 +00:00
..
asciicast
common
console
csv
external
markdown Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
mdstripper
orgmode Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
camo.go
camo_test.go
html.go
html_internal_test.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
html_test.go
renderer.go
renderer_test.go
sanitizer.go Disallow dangerous url schemes (#25960) 2023-07-18 15:18:37 +00:00
sanitizer_test.go Disallow dangerous url schemes (#25960) 2023-07-18 15:18:37 +00:00