Fix data URI scramble (#16098) (#16118)

* Fix data URI scramble (#16098) * Removed unused method. * No prefix for data uris. * Added test to prevent regressions. Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2025-11-04 16:40:24 +08:00 · 2021-06-09 16:31:40 +02:00
parent 3be67e9a2b
commit ac84bb7183
2 changed files with 20 additions and 8 deletions
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -403,24 +403,19 @@ func (ctx *postProcessCtx) visitNode(node *html.Node, visitText bool) {
 		}
 	case html.ElementNode:
 		if node.Data == "img" {
-			attrs := node.Attr
+			for _, attr := range node.Attr {
 			for idx, attr := range attrs {
 				if attr.Key != "src" {
 					continue
 				}
-				link := []byte(attr.Val)
+				if len(attr.Val) > 0 && !isLinkStr(attr.Val) && !strings.HasPrefix(attr.Val, "data:image/") {
 				if len(link) > 0 && !IsLink(link) {
 					prefix := ctx.urlPrefix
 					if ctx.isWikiMarkdown {
 						prefix = util.URLJoin(prefix, "wiki", "raw")
 					}
 					prefix = strings.Replace(prefix, "/src/", "/media/", 1)
-					lnk := string(link)
+					attr.Val = util.URLJoin(prefix, attr.Val)
 					lnk = util.URLJoin(prefix, lnk)
 					link = []byte(lnk)
 				}
 				node.Attr[idx].Val = string(link)
 			}
 		} else if node.Data == "a" {
 			visitText = false
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -408,3 +408,20 @@ func Test_ParseClusterFuzz(t *testing.T) {
 	assert.NotContains(t, string(val), "<html")
 }
 func TestIssue16020(t *testing.T) {
 	setting.AppURL = AppURL
 	setting.AppSubURL = AppSubURL
 	var localMetas = map[string]string{
 		"user": "go-gitea",
 		"repo": "gitea",
 	}
 	data := `<img src="data:image/png;base64,i//V"/>`
 	// func PostProcess(rawHTML []byte, urlPrefix string, metas map[string]string, isWikiMarkdown bool) ([]byte, error)
 	res, err := PostProcess([]byte(data), "https://example.com", localMetas, false)
 	assert.NoError(t, err)
 	assert.Equal(t, data, string(res))
 }