Add some more regex validations to attributes of elements inside filepreview

Mai-Lapyst · Mai-Lapyst · commit 09e277d8dc62 · 2024-02-26T17:46:19.000+01:00
diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
@@ -126,9 +126,9 @@ func createDefaultPolicy() *bluemonday.Policy {
 	policy.AllowAttrs("class").Matching(regexp.MustCompile("^file-preview-box$")).OnElements("div")
 	policy.AllowAttrs("class").Matching(regexp.MustCompile("^ui table$")).OnElements("div")
 	policy.AllowAttrs("class").Matching(regexp.MustCompile("^header$")).OnElements("div")
-	policy.AllowAttrs("data-line-number").OnElements("span")
+	policy.AllowAttrs("data-line-number").Matching(regexp.MustCompile("^[0-9]+$")).OnElements("span")
 	policy.AllowAttrs("class").Matching(regexp.MustCompile("^text small grey$")).OnElements("span")
-	policy.AllowAttrs("rel").OnElements("td")
+	policy.AllowAttrs("rel").Matching(regexp.MustCompile("^L[0-9]+$")).OnElements("td")
 	policy.AllowAttrs("class").Matching(regexp.MustCompile("^file-preview*")).OnElements("table")
 	policy.AllowAttrs("class").Matching(regexp.MustCompile("^lines-escape$")).OnElements("td")
 	policy.AllowAttrs("class").Matching(regexp.MustCompile("^toggle-escape-button btn interact-bg$")).OnElements("a")
