From 5769722c583474d9ea3e346a7773261738245268 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 07:34:39 +0000 Subject: [PATCH] [chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.26 to 1.0.27 (#3081) --- go.mod | 4 +- go.sum | 8 ++-- vendor/github.com/gorilla/css/LICENSE | 47 +++++++++--------- .../github.com/gorilla/css/scanner/scanner.go | 6 ++- .../microcosm-cc/bluemonday/.coveralls.yml | 1 - .../microcosm-cc/bluemonday/.editorconfig | 4 -- .../microcosm-cc/bluemonday/.gitattributes | 1 - .../microcosm-cc/bluemonday/.gitignore | 15 ------ .../microcosm-cc/bluemonday/.travis.yml | 26 ---------- .../microcosm-cc/bluemonday/CONTRIBUTING.md | 9 ++-- .../microcosm-cc/bluemonday/LICENSE.md | 3 -- .../microcosm-cc/bluemonday/Makefile | 48 ------------------- .../microcosm-cc/bluemonday/README.md | 34 +------------ .../microcosm-cc/bluemonday/SECURITY.md | 8 ++-- .../microcosm-cc/bluemonday/css/handlers.go | 2 +- .../microcosm-cc/bluemonday/sanitize.go | 11 ++++- .../bluemonday/stringwriterwriter_go1.12.go | 11 ----- .../bluemonday/stringwriterwriter_ltgo1.12.go | 15 ------ vendor/modules.txt | 8 ++-- 19 files changed, 57 insertions(+), 204 deletions(-) delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/.editorconfig delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/.gitattributes delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/.gitignore delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/.travis.yml delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/Makefile delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_go1.12.go delete mode 100644 vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_ltgo1.12.go diff --git a/go.mod b/go.mod index 222228782..bcc7f153f 100644 --- a/go.mod +++ b/go.mod 
@@ -41,7 +41,7 @@ require (
 github.com/gorilla/websocket v1.5.2
 github.com/h2non/filetype v1.1.3
 github.com/jackc/pgx/v5 v5.6.0
- github.com/microcosm-cc/bluemonday v1.0.26
+ github.com/microcosm-cc/bluemonday v1.0.27
 github.com/miekg/dns v1.1.61
 github.com/minio/minio-go/v7 v7.0.72
 github.com/mitchellh/mapstructure v1.5.0
@@ -142,7 +142,7 @@ require (
 github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
 github.com/gorilla/context v1.1.2 // indirect
- github.com/gorilla/css v1.0.0 // indirect
+ github.com/gorilla/css v1.0.1 // indirect
 github.com/gorilla/handlers v1.5.2 // indirect
 github.com/gorilla/securecookie v1.1.2 // indirect
 github.com/gorilla/sessions v1.2.2 // indirect
diff --git a/go.sum b/go.sum
index 71aa991cc..98a2a79ff 100644
--- a/go.sum
+++ b/go.sum
@@ -331,8 +331,8 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGa github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o= github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM= -github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= -github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= +github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8= +github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= github.com/gorilla/feeds v1.2.0 h1:O6pBiXJ5JHhPvqy53NsjKOThq+dNFm8+DFrxBEdzSCc= github.com/gorilla/feeds v1.2.0/go.mod h1:WMib8uJP3BbY+X8Szd1rA5Pzhdfh+HCCAYT2z7Fza6Y= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
@@ -416,8 +416,8 @@ github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58= -github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs= +github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk= +github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA= github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs= github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= diff --git a/vendor/github.com/gorilla/css/LICENSE b/vendor/github.com/gorilla/css/LICENSE index bee2a059d..ee0d53cef 100644 --- a/vendor/github.com/gorilla/css/LICENSE +++ b/vendor/github.com/gorilla/css/LICENSE 
@@ -1,27 +1,28 @@ -Copyright (c) 2013, Gorilla web toolkit -All rights reserved. +Copyright (c) 2023 The Gorilla Authors. All rights reserved. -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: - Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. - Redistributions in binary form must reproduce the above copyright notice, this - list of conditions and the following disclaimer in the documentation and/or - other materials provided with the distribution. +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - Neither the name of the {organization} nor the names of its - contributors may be used to endorse or promote products derived from - this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/gorilla/css/scanner/scanner.go b/vendor/github.com/gorilla/css/scanner/scanner.go index 23fa7404e..25a7c6576 100644 --- a/vendor/github.com/gorilla/css/scanner/scanner.go +++ b/vendor/github.com/gorilla/css/scanner/scanner.go 
@@ -191,7 +191,11 @@ func init() {
 // New returns a new CSS scanner for the given input.
 func New(input string) *Scanner {
 // Normalize newlines.
+ // https://www.w3.org/TR/css-syntax-3/#input-preprocessing
 input = strings.Replace(input, "\r\n", "\n", -1)
+ input = strings.Replace(input, "\r", "\n", -1)
+ input = strings.Replace(input, "\f", "\n", -1)
+ input = strings.Replace(input, "\u0000", "\ufffd", -1)
 return &Scanner{
 input: input,
 row: 1,
@@ -232,7 +236,7 @@ func (s *Scanner) Next() *Token {
 // shortcut before testing multiple regexps.
 input := s.input[s.pos:]
 switch input[0] {
- case '\t', '\n', '\f', '\r', ' ':
+ case '\t', '\n', ' ':
 // Whitespace.
 return s.emitToken(TokenS, matchers[TokenS].FindString(input))
 case '.':
diff --git a/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml b/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml
deleted file mode 100644
index e0c87602f..000000000
--- a/vendor/github.com/microcosm-cc/bluemonday/.coveralls.yml
+++ /dev/null
@@ -1 +0,0 @@
-repo_token: x2wlA1x0X8CK45ybWpZRCVRB4g7vtkhaw
diff --git a/vendor/github.com/microcosm-cc/bluemonday/.editorconfig b/vendor/github.com/microcosm-cc/bluemonday/.editorconfig
deleted file mode 100644
index 006bc2fc7..000000000
--- a/vendor/github.com/microcosm-cc/bluemonday/.editorconfig
+++ /dev/null
@@ -1,4 +0,0 @@
-root = true
-
-[*]
-end_of_line = lf
diff --git a/vendor/github.com/microcosm-cc/bluemonday/.gitattributes b/vendor/github.com/microcosm-cc/bluemonday/.gitattributes
deleted file mode 100644
index 6313b56c5..000000000
--- a/vendor/github.com/microcosm-cc/bluemonday/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-* text=auto eol=lf
diff --git a/vendor/github.com/microcosm-cc/bluemonday/.gitignore b/vendor/github.com/microcosm-cc/bluemonday/.gitignore
deleted file mode 100644
index c3df40e7c..000000000
--- a/vendor/github.com/microcosm-cc/bluemonday/.gitignore
+++ /dev/null
@@ -1,15 +0,0 @@
- # Binaries for programs and plugins
-*.exe
-*.exe~
-*.dll
-*.so
-*.dylib
-
-# Test binary, built with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# goland idea folder
-*.idea
\ No newline at end of file
diff --git a/vendor/github.com/microcosm-cc/bluemonday/.travis.yml b/vendor/github.com/microcosm-cc/bluemonday/.travis.yml
deleted file mode 100644
index 97175fbb8..000000000
--- a/vendor/github.com/microcosm-cc/bluemonday/.travis.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-language: go
-go:
- - 1.2.x
- - 1.3.x
- - 1.4.x
- - 1.5.x
- - 1.6.x
- - 1.7.x
- - 1.8.x
- - 1.9.x
- - 1.10.x
- - 1.11.x
- - 1.12.x
- - 1.13.x
- - 1.14.x
- - 1.15.x
- - 1.16.x
- - tip
-matrix:
- allow_failures:
- - go: tip
- fast_finish: true
-install:
- - go get .
-script:
- - go test -v ./...
diff --git a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
index 61b8cd352..d33909f81 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
+++ b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
@@ -8,7 +8,7 @@ Third-party patches are essential for keeping bluemonday secure and offering the ## Guidelines -1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge. +1. Do not vendor dependencies. Vendoring is a project problem, not a package problem. 2. I do not care about spelling mistakes or whitespace and I do not believe that you should either. PRs therefore must be functional in their nature or be substantial and impactful if documentation or examples. 3. This module does not participate in hacktober, please make your contributions meaningful. 
@@ -31,10 +31,9 @@ If you are reporting a security flaw, you may expect that we will provide the co 1. Include tests for your patch, 1 test should encapsulate the entire patch and should refer to the Github issue 1. If you have added new exposed/public functionality, you should ensure it is documented appropriately 1. If you have added new exposed/public functionality, you should consider demonstrating how to use it within one of the helpers or shipped policies if appropriate or within a test if modifying a helper or policy is not appropriate - 1. Run all of the tests `go test -v ./...` or `make test` and ensure all tests pass - 1. Run gofmt `gofmt -w ./$*` or `make fmt` - 1. Run vet `go tool vet *.go` or `make vet` and resolve any issues - 1. Install golint using `go get -u github.com/golang/lint/golint` and run vet `golint *.go` or `make lint` and resolve every warning + 1. Run all of the tests `go test -v ./...` and ensure all tests pass + 1. Run gofmt `go fmt ./...` + 1. Run vet `go vet ./...` and resolve any issues * When submitting the pull request you should 1. Note the issue(s) it resolves, i.e. `Closes #6` in the pull request comment to close issue #6 when the pull request is accepted diff --git a/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md b/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md index 2e6c493ba..f822458ed 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md +++ b/vendor/github.com/microcosm-cc/bluemonday/LICENSE.md @@ -1,6 +1,3 @@ -SPDX short identifier: BSD-3-Clause -https://opensource.org/licenses/BSD-3-Clause - Copyright (c) 2014, David Kitchen All rights reserved. diff --git a/vendor/github.com/microcosm-cc/bluemonday/Makefile b/vendor/github.com/microcosm-cc/bluemonday/Makefile deleted file mode 100644 index 97e9541d6..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/Makefile +++ /dev/null 
@@ -1,48 +0,0 @@
-# Targets:
-#
-# all: Builds the code locally after testing
-#
-# fmt: Formats the source files
-# fmt-check: Check if the source files are formated
-# build: Builds the code locally
-# vet: Vets the code
-# staticcheck: Runs staticcheck over the code
-# test: Runs the tests
-# cover: Gives you the URL to a nice test coverage report
-#
-# install: Builds, tests and installs the code locally
-
-GOFILES_NOVENDOR = $(shell find . -type f -name '*.go' -not -path "./vendor/*" -not -path "./.git/*")
-
-.PHONY: all fmt build vet lint test cover install
-
-# The first target is always the default action if `make` is called without
-# args we build and install into $GOPATH so that it can just be run
-
-all: fmt vet test install
-
-fmt:
- @gofmt -s -w ${GOFILES_NOVENDOR}
-
-fmt-check:
- @([ -z "$(shell gofmt -d $(GOFILES_NOVENDOR) | head)" ]) || (echo "Source is unformatted"; exit 1)
-
-build:
- @go build
-
-vet:
- @go vet
-
-staticcheck:
- @staticcheck ./...
-
-test:
- @go test -v ./...
-
-cover: COVERAGE_FILE := coverage.out
-cover:
- @go test -coverprofile=$(COVERAGE_FILE) && \
- go tool cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
-
-install:
- @go install ./...
diff --git a/vendor/github.com/microcosm-cc/bluemonday/README.md b/vendor/github.com/microcosm-cc/bluemonday/README.md
index 8e658fea7..023a3041f 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/README.md
+++ b/vendor/github.com/microcosm-cc/bluemonday/README.md
@@ -56,14 +56,6 @@ The policy containing the allowlist is applied using a fast non-validating, forw We expect to be supplied with well-formatted HTML (closing elements for every applicable open element, nested correctly) and so we do not focus on repairing badly nested or incomplete HTML. We focus on simply ensuring that whatever elements do exist are described in the policy allowlist and that attributes and links are safe for use on your web page. [GIGO](http://en.wikipedia.org/wiki/Garbage_in,_garbage_out) does apply and if you feed it bad HTML bluemonday is not tasked with figuring out how to make it good again. -### Supported Go Versions - -bluemonday is tested on all versions since Go 1.2 including tip. - -We do not support Go 1.0 as we depend on `golang.org/x/net/html` which includes a reference to `io.ErrNoProgress` which did not exist in Go 1.0. - -We support Go 1.1 but Travis no longer tests against it. - ## Is it production ready? *Yes* @@ -76,7 +68,7 @@ We invite pull requests and issues to help us ensure we are offering comprehensi ## Usage -Install in your `${GOPATH}` using `go get -u github.com/microcosm-cc/bluemonday` +Install using `go get github.com/microcosm-cc/bluemonday` Then call it: ```go 
@@ -388,30 +380,6 @@ It is not the job of bluemonday to fix your bad HTML, it is merely the job of bl * Investigate whether devs want to blacklist elements and attributes. This would allow devs to take an existing policy (such as the `bluemonday.UGCPolicy()` ) that encapsulates 90% of what they're looking for but does more than they need, and to remove the extra things they do not want to make it 100% what they want * Investigate whether devs want a validating HTML mode, in which the HTML elements are not just transformed into a balanced tree (every start tag has a closing tag at the correct depth) but also that elements and character data appear only in their allowed context (i.e. that a `table` element isn't a descendent of a `caption`, that `colgroup`, `thead`, `tbody`, `tfoot` and `tr` are permitted, and that character data is not permitted) -## Development - -If you have cloned this repo you will probably need the dependency: - -`go get golang.org/x/net/html` - -Gophers can use their familiar tools: - -`go build` - -`go test` - -I personally use a Makefile as it spares typing the same args over and over whilst providing consistency for those of us who jump from language to language and enjoy just typing `make` in a project directory and watch magic happen. - -`make` will build, vet, test and install the library. - -`make clean` will remove the library from a *single* `${GOPATH}/pkg` directory tree - -`make test` will run the tests - -`make cover` will run the tests and *open a browser window* with the coverage report - -`make lint` will run golint (install via `go get github.com/golang/lint/golint`) - ## Long term goals 1. Open the code to adversarial peer review similar to the [Attack Review Ground Rules](https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules) diff --git a/vendor/github.com/microcosm-cc/bluemonday/SECURITY.md b/vendor/github.com/microcosm-cc/bluemonday/SECURITY.md index a344e7c05..682364e37 100644 
--- a/vendor/github.com/microcosm-cc/bluemonday/SECURITY.md +++ b/vendor/github.com/microcosm-cc/bluemonday/SECURITY.md @@ -4,12 +4,10 @@ Latest tag and tip are supported. -Older tags remain present but changes result in new tags and are not back ported... please verify any issue against the latest tag and tip. +Changes are not backported, please verify any issue against the latest tag and tip. ## Reporting a Vulnerability -Email: +Report vulnerabilities either via [GitHub's private reporting flow](https://github.com/microcosm-cc/bluemonday/security/advisories/new) or via email to the security@ alias of geomys.org. -Bluemonday is pure OSS and not maintained by a company. As such there is no bug bounty program but security issues will be taken seriously and resolved as soon as possible. - -The maintainer lives in the United Kingdom and whilst the email is monitored expect a reply or ACK when the maintainer is awake. +There is no bug bounty program but security issues will be taken seriously and resolved as soon as possible. diff --git a/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go b/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go index f8b8b61af..41a00c8cb 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go +++ b/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go 
@@ -291,7 +291,7 @@ Font = regexp.MustCompile(`^('[a-z \-]+'|[a-z \-]+)$`) Grayscale = regexp.MustCompile(`^grayscale\(([0-9]{1,2}|100)%\)$`) GridTemplateAreas = regexp.MustCompile(`^['"]?[a-z ]+['"]?$`) - HexRGB = regexp.MustCompile(`^#([0-9a-f]{3}|[0-9a-f]{6}|[0-9a-f]{8})$`) + HexRGB = regexp.MustCompile(`^#([0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})$`) HSL = regexp.MustCompile(`^hsl\([ ]*([012]?[0-9]{1,2}|3[0-5][0-9]|360),[ ]*([0-9]{0,2}|100)\%,[ ]*([0-9]{0,2}|100)\%\)$`) HSLA = regexp.MustCompile(`^hsla\(([ ]*[012]?[0-9]{1,2}|3[0-5][0-9]|360),[ ]*([0-9]{0,2}|100)\%,[ ]*([0-9]{0,2}|100)\%,[ ]*(1|1\.0|0|(0\.[0-9]+))\)$`) HueRotate = regexp.MustCompile(`^hue-rotate\(([12]?[0-9]{1,2}|3[0-5][0-9]|360)?\)$`) diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go index 1f8d85526..47c31f7da 100644 --- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go +++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go @@ -529,9 +529,11 @@ func (p *Policy) sanitizeAttrs( if ap.regexp != nil { if ap.regexp.MatchString(htmlAttr.Val) { cleanAttrs = append(cleanAttrs, htmlAttr) + continue attrsLoop } } else { cleanAttrs = append(cleanAttrs, htmlAttr) + continue attrsLoop } } } @@ -762,10 +764,10 @@ func (p *Policy) sanitizeAttrs( switch elementName { case "audio", "img", "link", "script", "video": var crossOriginFound bool - for _, htmlAttr := range cleanAttrs { + for i, htmlAttr := range cleanAttrs { if htmlAttr.Key == "crossorigin" { crossOriginFound = true - htmlAttr.Val = "anonymous" + cleanAttrs[i].Val = "anonymous" } } @@ -1087,3 +1089,8 @@ func normaliseElementName(str string) string { `"`, ) } + +type stringWriterWriter interface { + io.Writer + io.StringWriter +} diff --git a/vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_go1.12.go b/vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_go1.12.go deleted file mode 100644 index 5d96b9778..000000000 
--- a/vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_go1.12.go +++ /dev/null @@ -1,11 +0,0 @@ -//go:build go1.12 -// +build go1.12 - -package bluemonday - -import "io" - -type stringWriterWriter interface { - io.Writer - io.StringWriter -} diff --git a/vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_ltgo1.12.go b/vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_ltgo1.12.go deleted file mode 100644 index ecdaa92ca..000000000 --- a/vendor/github.com/microcosm-cc/bluemonday/stringwriterwriter_ltgo1.12.go +++ /dev/null @@ -1,15 +0,0 @@ -//go:build go1.1 && !go1.12 -// +build go1.1,!go1.12 - -package bluemonday - -import "io" - -type stringWriterWriter interface { - io.Writer - StringWriter -} - -type StringWriter interface { - WriteString(s string) (n int, err error) -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 2f1c890d1..c050dd11e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -359,8 +359,8 @@ github.com/google/uuid # github.com/gorilla/context v1.1.2 ## explicit; go 1.20 github.com/gorilla/context -# github.com/gorilla/css v1.0.0 -## explicit +# github.com/gorilla/css v1.0.1 +## explicit; go 1.20 github.com/gorilla/css/scanner # github.com/gorilla/feeds v1.2.0 ## explicit; go 1.20 @@ -478,8 +478,8 @@ github.com/mailru/easyjson/jwriter # github.com/mattn/go-isatty v0.0.20 ## explicit; go 1.15 github.com/mattn/go-isatty -# github.com/microcosm-cc/bluemonday v1.0.26 -## explicit; go 1.21 +# github.com/microcosm-cc/bluemonday v1.0.27 +## explicit; go 1.19 github.com/microcosm-cc/bluemonday github.com/microcosm-cc/bluemonday/css # github.com/miekg/dns v1.1.61