forgejo/modules
Gusted bb448f3dc2
disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` URI in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
JavaScript in that URI.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallows the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
2024-08-09 07:04:01 +02:00
actions Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
activitypub feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853) 2024-08-07 05:45:24 +00:00
analyze
assetfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
avatar Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
base cherry-pick OIDC changes from gitea (#4724) 2024-08-08 06:32:14 +00:00
cache Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
charset Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
container
csv Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
emoji
eventsource
forgefed Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857) 2024-08-08 16:07:35 +00:00
generate Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
git feat: highlighted code search results (#4749) 2024-08-06 05:57:25 +00:00
gitgraph
gitrepo
graceful Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hcaptcha
highlight Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hostmatcher
html
httpcache
httplib Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
indexer Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857) 2024-08-08 16:07:35 +00:00
issue/template Issue Templates: add option to have dropdown printed list (#31577) 2024-07-22 15:44:13 +02:00
json
label
lfs Distinguish LFS object errors to ignore missing objects during migration (#31702) 2024-08-04 18:24:10 +02:00
log Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
markup disallow javascript: URI in the repository description 2024-08-09 07:04:01 +02:00
mcaptcha
metrics
migration Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
nosql
optional Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
options
packages Arch packages implementation (#4785) 2024-08-04 06:16:29 +00:00
paginator
pprof
private
process
proxy
proxyprotocol
public
queue Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
recaptcha
references Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
regexplru Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repository Distinguish LFS object errors to ignore missing objects during migration (#31702) 2024-08-04 18:24:10 +02:00
secret Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
session
setting Revert "Open telemetry integration (#3972)" 2024-08-07 11:22:43 +02:00
sitemap Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
ssh
storage Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
structs Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857) 2024-08-08 16:07:35 +00:00
svg
sync
system Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
templates Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
test
testlogger
timeutil
translation Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
turnstile
typesniffer Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
updatechecker Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
uri Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
util Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
validation
web Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
webhook