forked from gitea/gitea
1
0
Fork 0
gitea/modules
KN4CK3R 8af96f585f
Disallow dangerous url schemes (#25960)
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 15:18:37 +00:00
..
actions Fix `ref` for workflows triggered by `pull_request_target` (#25743) 2023-07-07 19:22:03 +00:00
activitypub Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
analyze Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
assetfs Skip unuseful error message in dev mode when watching local filesystem (#25919) 2023-07-17 09:47:55 +00:00
auth Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
avatar Add unit test for `HashAvatar` (#25662) 2023-07-04 12:43:38 +00:00
base Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
cache Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
charset Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context Revert package access change from #23879 (#25707) 2023-07-09 13:00:07 +00:00
csv Refactor locale number (#24134) 2023-04-17 11:37:23 +08:00
doctor Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
generate Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
git Remove `git.FileBlame` (#25841) 2023-07-12 19:07:29 +02:00
gitgraph Add context cache as a request level cache (#22294) 2023-02-15 21:37:34 +08:00
graceful Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
hostmatcher Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
html Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
httpcache Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
httplib Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
indexer Add open/closed field support for issue index (#25708) 2023-07-07 17:10:13 +00:00
issue/template Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
json Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
log Fix sub-command log level (#25537) 2023-06-28 08:02:06 +02:00
markup Disallow dangerous url schemes (#25960) 2023-07-18 15:18:37 +00:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Use a separate admin page to show global stats, remove `actions` stat (#25062) 2023-06-03 22:03:41 +08:00
migration Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
mirror Improve queue and logger context (#24924) 2023-05-26 07:31:55 +00:00
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
notification Add Adopt repository event and handler (#25497) 2023-06-26 06:59:15 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Add support for different Maven POM encoding (#25873) 2023-07-14 09:39:15 +00:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
process Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Use standard HTTP library to serve files (#24693) 2023-05-13 16:04:57 +02:00
queue Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Use correct captured group range when parsing cross-reference (#22672) 2023-01-31 10:08:05 +01:00
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository Fix branch commit message too long problem (#25588) 2023-06-30 17:03:05 +08:00
secret Improve decryption failure message (#24573) 2023-05-07 19:29:43 +08:00
session Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
setting Avoid creating directories when loading config (#25944) 2023-07-18 07:32:36 -05:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
storage Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
structs Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
svg Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
templates Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
test Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
testlogger Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2023-05-03 19:53:43 -04:00
translation Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Do not recognize text files as audio (#23355) 2023-03-07 22:40:41 -05:00
updatechecker Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
validation Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
web Fix "Flash" message usage (#25895) 2023-07-15 11:52:03 +03:00
webhook New webhook trigger for receiving Pull Request review requests (#24481) 2023-05-24 22:06:27 -04:00