aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author65432021-06-09 16:31:40 +0200
committerGitHub2021-06-09 16:31:40 +0200
commitac84bb7183a58a60c056f4fa5f6059392339b41b (patch)
tree747a61b5bd224de495787a2aab6e486fa3f94069
parent3be67e9a2b3f9daf390496f921d1174175ba4e7e (diff)
Fix data URI scramble (#16098) (#16118)
* Fix data URI scramble (#16098) * Removed unused method. * No prefix for data uris. * Added test to prevent regressions. Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
-rw-r--r--modules/markup/html.go11
-rw-r--r--modules/markup/html_test.go17
2 files changed, 20 insertions, 8 deletions
diff --git a/modules/markup/html.go b/modules/markup/html.go
index bec9ba2fb..908b4de09 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -403,24 +403,19 @@ func (ctx *postProcessCtx) visitNode(node *html.Node, visitText bool) {
}
case html.ElementNode:
if node.Data == "img" {
- attrs := node.Attr
- for idx, attr := range attrs {
+ for _, attr := range node.Attr {
if attr.Key != "src" {
continue
}
- link := []byte(attr.Val)
- if len(link) > 0 && !IsLink(link) {
+ if len(attr.Val) > 0 && !isLinkStr(attr.Val) && !strings.HasPrefix(attr.Val, "data:image/") {
prefix := ctx.urlPrefix
if ctx.isWikiMarkdown {
prefix = util.URLJoin(prefix, "wiki", "raw")
}
prefix = strings.Replace(prefix, "/src/", "/media/", 1)
- lnk := string(link)
- lnk = util.URLJoin(prefix, lnk)
- link = []byte(lnk)
+ attr.Val = util.URLJoin(prefix, attr.Val)
}
- node.Attr[idx].Val = string(link)
}
} else if node.Data == "a" {
visitText = false
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index 1e39be401..aab223085 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -408,3 +408,20 @@ func Test_ParseClusterFuzz(t *testing.T) {
assert.NotContains(t, string(val), "<html")
}
+
+func TestIssue16020(t *testing.T) {
+ setting.AppURL = AppURL
+ setting.AppSubURL = AppSubURL
+
+ var localMetas = map[string]string{
+ "user": "go-gitea",
+ "repo": "gitea",
+ }
+
+ data := `<img src="data:image/png;base64,i//V"/>`
+
+ // func PostProcess(rawHTML []byte, urlPrefix string, metas map[string]string, isWikiMarkdown bool) ([]byte, error)
+ res, err := PostProcess([]byte(data), "https://example.com", localMetas, false)
+ assert.NoError(t, err)
+ assert.Equal(t, data, string(res))
+}