diff --git a/go.mod b/go.mod index 7a4923e9e460b..ce22ba2204ce3 100644 --- a/go.mod +++ b/go.mod @@ -82,7 +82,7 @@ require ( github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mattn/go-sqlite3 v1.14.8 github.com/mholt/archiver/v3 v3.5.0 - github.com/microcosm-cc/bluemonday v1.0.15 + github.com/microcosm-cc/bluemonday v1.0.16 github.com/miekg/dns v1.1.43 // indirect github.com/minio/md5-simd v1.1.2 // indirect github.com/minio/minio-go/v7 v7.0.12 diff --git a/go.sum b/go.sum index d935b6b8495d0..fcf4e9f9e1f64 100644 --- a/go.sum +++ b/go.sum @@ -869,8 +869,8 @@ github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE= github.com/mholt/archiver/v3 v3.5.0/go.mod h1:qqTTPUK/HZPFgFQ/TJ3BzvTpF/dPtFVJXdQbCmeMxwc= -github.com/microcosm-cc/bluemonday v1.0.15 h1:J4uN+qPng9rvkBZBoBb8YGR+ijuklIMpSOZZLjYpbeY= -github.com/microcosm-cc/bluemonday v1.0.15/go.mod h1:ZLvAzeakRwrGnzQEvstVzVt3ZpqOF2+sdFr0Om+ce30= +github.com/microcosm-cc/bluemonday v1.0.16 h1:kHmAq2t7WPWLjiGvzKa5o3HzSfahUKiOq7fAPUiMNIc= +github.com/microcosm-cc/bluemonday v1.0.16/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= diff --git a/vendor/github.com/microcosm-cc/bluemonday/.editorconfig b/vendor/github.com/microcosm-cc/bluemonday/.editorconfig new file mode 100644 index 0000000000000..006bc2fc77947 --- /dev/null +++ b/vendor/github.com/microcosm-cc/bluemonday/.editorconfig @@ -0,0 +1,4 @@ +root = true + +[*] +end_of_line = lf diff --git a/vendor/github.com/microcosm-cc/bluemonday/.gitattributes b/vendor/github.com/microcosm-cc/bluemonday/.gitattributes new file mode 100644 index 0000000000000..6313b56c57848 --- /dev/null +++ b/vendor/github.com/microcosm-cc/bluemonday/.gitattributes @@ -0,0 +1 @@ +* text=auto eol=lf diff --git a/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md b/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md index b3185f543850c..68fa88da809d9 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md +++ b/vendor/github.com/microcosm-cc/bluemonday/CREDITS.md @@ -4,4 +4,5 @@ 1. Andrew Krasichkov @buglloc https://github.com/buglloc 1. Mike Samuel mikesamuel@gmail.com 1. Dmitri Shuralyov shurcooL@gmail.com -1. https://github.com/opennota \ No newline at end of file +1. opennota https://github.com/opennota https://gitlab.com/opennota +1. Tom Anthony https://www.tomanthony.co.uk/ \ No newline at end of file diff --git a/vendor/github.com/microcosm-cc/bluemonday/Makefile b/vendor/github.com/microcosm-cc/bluemonday/Makefile index b5903a2e8697f..dcd042a712b68 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/Makefile +++ b/vendor/github.com/microcosm-cc/bluemonday/Makefile @@ -3,6 +3,7 @@ # all: Builds the code locally after testing # # fmt: Formats the source files +# fmt-check: Check if the source files are formated # build: Builds the code locally # vet: Vets the code # lint: Runs lint over the code (you do not need to fix everything) @@ -11,6 +12,8 @@ # # install: Builds, tests and installs the code locally +GOFILES_NOVENDOR = $(shell find . -type f -name '*.go' -not -path "./vendor/*" -not -path "./.git/*") + .PHONY: all fmt build vet lint test cover install # The first target is always the default action if `make` is called without @@ -19,7 +22,10 @@ all: fmt vet test install fmt: - @gofmt -s -w ./$* + @gofmt -s -w ${GOFILES_NOVENDOR} + +fmt-check: + @([ -z "$(shell gofmt -d $(GOFILES_NOVENDOR) | head)" ]) || (echo "Source is unformatted"; exit 1) build: @go build diff --git a/vendor/github.com/microcosm-cc/bluemonday/README.md b/vendor/github.com/microcosm-cc/bluemonday/README.md index 6a34473efa3ee..d20debf0ec114 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/README.md +++ b/vendor/github.com/microcosm-cc/bluemonday/README.md @@ -180,7 +180,7 @@ p.AllowElementsMatching(regex.MustCompile(`^my-element-`)) Or add elements as a virtue of adding an attribute: ```go -// Not the recommended pattern, see the recommendation on using .Matching() below +// Note the recommended pattern, see the recommendation on using .Matching() below p.AllowAttrs("nowrap").OnElements("td", "th") ``` @@ -222,7 +222,7 @@ p.AllowElements("fieldset", "select", "option") Although it's possible to handle inline CSS using `AllowAttrs` with a `Matching` rule, writing a single monolithic regular expression to safely process all inline CSS which you wish to allow is not a trivial task. Instead of attempting to do so, you can allow the `style` attribute on whichever element(s) you desire and use style policies to control and sanitize inline styles. -It is suggested that you use `Matching` (with a suitable regular expression) +It is strongly recommended that you use `Matching` (with a suitable regular expression) `MatchingEnum`, or `MatchingHandler` to ensure each style matches your needs, but default handlers are supplied for most widely used styles. @@ -379,6 +379,8 @@ Both examples exhibit the same issue, they declare attributes but do not then sp We are not yet including any tools to help allow and sanitize CSS. Which means that unless you wish to do the heavy lifting in a single regular expression (inadvisable), **you should not allow the "style" attribute anywhere**. +In the same theme, both `