forked from gitea/gitea
* Fix data URI scramble (#16098) * Removed unused method. * No prefix for data uris. * Added test to prevent regressions. Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
This commit is contained in:
parent
3be67e9a2b
commit
ac84bb7183
|
@ -403,24 +403,19 @@ func (ctx *postProcessCtx) visitNode(node *html.Node, visitText bool) {
|
||||||
}
|
}
|
||||||
case html.ElementNode:
|
case html.ElementNode:
|
||||||
if node.Data == "img" {
|
if node.Data == "img" {
|
||||||
attrs := node.Attr
|
for _, attr := range node.Attr {
|
||||||
for idx, attr := range attrs {
|
|
||||||
if attr.Key != "src" {
|
if attr.Key != "src" {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
link := []byte(attr.Val)
|
if len(attr.Val) > 0 && !isLinkStr(attr.Val) && !strings.HasPrefix(attr.Val, "data:image/") {
|
||||||
if len(link) > 0 && !IsLink(link) {
|
|
||||||
prefix := ctx.urlPrefix
|
prefix := ctx.urlPrefix
|
||||||
if ctx.isWikiMarkdown {
|
if ctx.isWikiMarkdown {
|
||||||
prefix = util.URLJoin(prefix, "wiki", "raw")
|
prefix = util.URLJoin(prefix, "wiki", "raw")
|
||||||
}
|
}
|
||||||
prefix = strings.Replace(prefix, "/src/", "/media/", 1)
|
prefix = strings.Replace(prefix, "/src/", "/media/", 1)
|
||||||
|
|
||||||
lnk := string(link)
|
attr.Val = util.URLJoin(prefix, attr.Val)
|
||||||
lnk = util.URLJoin(prefix, lnk)
|
|
||||||
link = []byte(lnk)
|
|
||||||
}
|
}
|
||||||
node.Attr[idx].Val = string(link)
|
|
||||||
}
|
}
|
||||||
} else if node.Data == "a" {
|
} else if node.Data == "a" {
|
||||||
visitText = false
|
visitText = false
|
||||||
|
|
|
@ -408,3 +408,20 @@ func Test_ParseClusterFuzz(t *testing.T) {
|
||||||
|
|
||||||
assert.NotContains(t, string(val), "<html")
|
assert.NotContains(t, string(val), "<html")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIssue16020(t *testing.T) {
|
||||||
|
setting.AppURL = AppURL
|
||||||
|
setting.AppSubURL = AppSubURL
|
||||||
|
|
||||||
|
var localMetas = map[string]string{
|
||||||
|
"user": "go-gitea",
|
||||||
|
"repo": "gitea",
|
||||||
|
}
|
||||||
|
|
||||||
|
data := `<img src="data:image/png;base64,i//V"/>`
|
||||||
|
|
||||||
|
// func PostProcess(rawHTML []byte, urlPrefix string, metas map[string]string, isWikiMarkdown bool) ([]byte, error)
|
||||||
|
res, err := PostProcess([]byte(data), "https://example.com", localMetas, false)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, data, string(res))
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue