diff options
author | 6543 | 2021-06-09 16:31:40 +0200 |
---|---|---|
committer | GitHub | 2021-06-09 16:31:40 +0200 |
commit | ac84bb7183a58a60c056f4fa5f6059392339b41b (patch) | |
tree | 747a61b5bd224de495787a2aab6e486fa3f94069 | |
parent | 3be67e9a2b3f9daf390496f921d1174175ba4e7e (diff) |
Fix data URI scramble (#16098) (#16118)
* Fix data URI scramble (#16098)
* Removed unused method.
* No prefix for data uris.
* Added test to prevent regressions.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
-rw-r--r-- | modules/markup/html.go | 11 | ||||
-rw-r--r-- | modules/markup/html_test.go | 17 |
2 files changed, 20 insertions, 8 deletions
diff --git a/modules/markup/html.go b/modules/markup/html.go index bec9ba2fb..908b4de09 100644 --- a/modules/markup/html.go +++ b/modules/markup/html.go @@ -403,24 +403,19 @@ func (ctx *postProcessCtx) visitNode(node *html.Node, visitText bool) { } case html.ElementNode: if node.Data == "img" { - attrs := node.Attr - for idx, attr := range attrs { + for _, attr := range node.Attr { if attr.Key != "src" { continue } - link := []byte(attr.Val) - if len(link) > 0 && !IsLink(link) { + if len(attr.Val) > 0 && !isLinkStr(attr.Val) && !strings.HasPrefix(attr.Val, "data:image/") { prefix := ctx.urlPrefix if ctx.isWikiMarkdown { prefix = util.URLJoin(prefix, "wiki", "raw") } prefix = strings.Replace(prefix, "/src/", "/media/", 1) - lnk := string(link) - lnk = util.URLJoin(prefix, lnk) - link = []byte(lnk) + attr.Val = util.URLJoin(prefix, attr.Val) } - node.Attr[idx].Val = string(link) } } else if node.Data == "a" { visitText = false diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go index 1e39be401..aab223085 100644 --- a/modules/markup/html_test.go +++ b/modules/markup/html_test.go @@ -408,3 +408,20 @@ func Test_ParseClusterFuzz(t *testing.T) { assert.NotContains(t, string(val), "<html") } + +func TestIssue16020(t *testing.T) { + setting.AppURL = AppURL + setting.AppSubURL = AppSubURL + + var localMetas = map[string]string{ + "user": "go-gitea", + "repo": "gitea", + } + + data := `<img src="data:image/png;base64,i//V"/>` + + // func PostProcess(rawHTML []byte, urlPrefix string, metas map[string]string, isWikiMarkdown bool) ([]byte, error) + res, err := PostProcess([]byte(data), "https://example.com", localMetas, false) + assert.NoError(t, err) + assert.Equal(t, data, string(res)) +} |