gitea/modules
KN4CK3R ab54310731
Disallow dangerous URL schemes (#25960) (#25964)
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 19:48:52 +00:00
..
actions Fix activity type match in matchPullRequestEvent (#25746) (#25796) 2023-07-11 06:42:07 +00:00
activitypub Add Chef package registry (#22554) 2023-02-06 09:49:21 +08:00
analyze Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
assetfs Skip unuseful error message in dev mode when watching local filesystem (#25919) (#25927) 2023-07-17 10:26:29 +00:00
auth Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
avatar Improve avatar uploading / resizing / compressing, remove Fomantic card module (#24653) 2023-05-13 20:59:11 +02:00
base Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
cache Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
charset Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context Revert package access change from #23879 (#25707) (#25785) 2023-07-09 21:00:42 +00:00
csv Refactor locale number (#24134) 2023-04-17 11:37:23 +08:00
doctor Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00
emoji Fix unstable emoji sort (#22346) 2023-01-05 13:58:51 +02:00
eventsource Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
generate Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
git Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
gitgraph Add context cache as a request level cache (#22294) 2023-02-15 21:37:34 +08:00
graceful Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight test_env: hardcode major go version in use (#23464) 2023-03-14 16:09:01 -04:00
hostmatcher Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
html Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
httpcache Use standard HTTP library to serve files (#24693) 2023-05-13 16:04:57 +02:00
httplib Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
indexer Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
issue/template Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
json Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
log Fix sub-command log level (#25537) (#25553) 2023-06-28 17:35:20 +08:00
markup Disallow dangerous URL schemes (#25960) (#25964) 2023-07-18 19:48:52 +00:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Use a separate admin page to show global stats, remove actions stat (#25062) 2023-06-03 22:03:41 +08:00
migration Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
mirror Improve queue and logger context (#24924) 2023-05-26 07:31:55 +00:00
nosql Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
notification Add Adopt repository event and handler (#25497) (#25518) 2023-06-26 20:09:07 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Add support for different Maven POM encoding (#25873) (#25890) 2023-07-14 10:27:15 +00:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
process Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Use standard HTTP library to serve files (#24693) 2023-05-13 16:04:57 +02:00
queue Help to recover from corrupted levelqueue (#24912) 2023-05-29 10:52:32 +08:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Use correct captured group range when parsing cross-reference (#22672) 2023-01-31 10:08:05 +01:00
regexplru Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repository Remove stars when repo goes private (#19904) 2023-06-05 13:25:43 +00:00
secret Improve decryption failure message (#24573) 2023-05-07 19:29:43 +08:00
session Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
setting Add shutting down notice (#25920) (#25922) 2023-07-17 09:44:10 +00:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh Fix incorrect config argument position for builtin SSH server (#25341) 2023-06-18 16:56:21 +00:00
storage Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
structs Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
svg Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
templates Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
test Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
testlogger Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2023-05-03 19:53:43 -04:00
translation Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Do not recognize text files as audio (#23355) 2023-03-07 22:40:41 -05:00
updatechecker Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
validation Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
web Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
webhook New webhook trigger for receiving Pull Request review requests (#24481) 2023-05-24 22:06:27 -04:00