tyler.durden/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-31 11:35:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix data URI scramble (#16098) (#16118)

Browse Source 
* Fix data URI scramble (#16098)

* Removed unused method.

* No prefix for data uris.

* Added test to prevent regressions.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
This commit is contained in:
6543 2021-06-09 16:31:40 +02:00 committed by GitHub
parent 3be67e9a2b
commit ac84bb7183
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/markup/html.go
View File

@ -403,24 +403,19 @@ func (ctx *postProcessCtx) visitNode(node *html.Node, visitText bool) {
}
case html.ElementNode:
if node.Data == "img" {
attrs := node.Attr
for idx, attr := range attrs {
for _, attr := range node.Attr {
if attr.Key != "src" {
continue
}
link := []byte(attr.Val)
if len(link) > 0 && !IsLink(link) {
if len(attr.Val) > 0 && !isLinkStr(attr.Val) && !strings.HasPrefix(attr.Val, "data:image/") {
prefix := ctx.urlPrefix
if ctx.isWikiMarkdown {
prefix = util.URLJoin(prefix, "wiki", "raw")
}
prefix = strings.Replace(prefix, "/src/", "/media/", 1)
lnk := string(link)
lnk = util.URLJoin(prefix, lnk)
link = []byte(lnk)
attr.Val = util.URLJoin(prefix, attr.Val)
}
node.Attr[idx].Val = string(link)
}
} else if node.Data == "a" {
visitText = false

17
modules/markup/html_test.go
View File

@ -408,3 +408,20 @@ func Test_ParseClusterFuzz(t *testing.T) {
assert.NotContains(t, string(val), "<html")
}
func TestIssue16020(t *testing.T) {
setting.AppURL = AppURL
setting.AppSubURL = AppSubURL
var localMetas = map[string]string{
"user": "go-gitea",
"repo": "gitea",
}
data := `<img src="data:image/png;base64,i//V"/>`
// func PostProcess(rawHTML []byte, urlPrefix string, metas map[string]string, isWikiMarkdown bool) ([]byte, error)
res, err := PostProcess([]byte(data), "https://example.com", localMetas, false)
assert.NoError(t, err)
assert.Equal(t, data, string(res))
}