Disallow dangerous url schemes (#25960)
Regression: https://github.com/go-gitea/gitea/pull/24805 Closes: #25945 - Disallow `javascript`, `vbscript` and `data` (data uri images still work) url schemes even if all other schemes are allowed - Fixed older `cbthunderlink` tests --------- Co-authored-by: delvh <dev.lh@web.de>
This commit is contained in:
KN4CK3R
GitHub
parent
cc73e84fa3
commit
8af96f585f
4 changed files with 19 additions and 5 deletions
2
go.mod
2
go.mod
|
|
@ -76,7 +76,7 @@ require (
|
|||
github.com/mattn/go-sqlite3 v1.14.17
|
||||
github.com/meilisearch/meilisearch-go v0.25.0
|
||||
github.com/mholt/archiver/v3 v3.5.1
|
||||
github.com/microcosm-cc/bluemonday v1.0.24
|
||||
github.com/microcosm-cc/bluemonday v1.0.25
|
||||
github.com/minio/minio-go/v7 v7.0.60
|
||||
github.com/minio/sha256-simd v1.0.1
|
||||
github.com/msteinert/pam v1.1.0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue