diff options
author | Wim <wim@42.be> | 2023-03-09 22:48:00 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-09 22:48:00 +0100 |
commit | 08779c29099e8940493df56d28d8aa131ac8342e (patch) | |
tree | 7ad8ce25cf371e582137e1706dd671a6bf4342d0 /vendor/golang.org/x/net | |
parent | d5f9cdf912d43cd2a5cb243e086fbdab9a9073b0 (diff) | |
download | matterbridge-msglm-08779c29099e8940493df56d28d8aa131ac8342e.tar.gz matterbridge-msglm-08779c29099e8940493df56d28d8aa131ac8342e.tar.bz2 matterbridge-msglm-08779c29099e8940493df56d28d8aa131ac8342e.zip |
Update dependencies (#2007)
* Update dependencies
Diffstat (limited to 'vendor/golang.org/x/net')
-rw-r--r-- | vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go | 71 | ||||
-rw-r--r-- | vendor/golang.org/x/net/html/doc.go | 15 | ||||
-rw-r--r-- | vendor/golang.org/x/net/html/escape.go | 81 | ||||
-rw-r--r-- | vendor/golang.org/x/net/html/render.go | 2 | ||||
-rw-r--r-- | vendor/golang.org/x/net/html/token.go | 10 |
5 files changed, 102 insertions, 77 deletions
diff --git a/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go b/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go deleted file mode 100644 index 37dc0cfd..00000000 --- a/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright 2016 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package ctxhttp provides helper functions for performing context-aware HTTP requests. -package ctxhttp // import "golang.org/x/net/context/ctxhttp" - -import ( - "context" - "io" - "net/http" - "net/url" - "strings" -) - -// Do sends an HTTP request with the provided http.Client and returns -// an HTTP response. -// -// If the client is nil, http.DefaultClient is used. -// -// The provided ctx must be non-nil. If it is canceled or times out, -// ctx.Err() will be returned. -func Do(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) { - if client == nil { - client = http.DefaultClient - } - resp, err := client.Do(req.WithContext(ctx)) - // If we got an error, and the context has been canceled, - // the context's error is probably more useful. - if err != nil { - select { - case <-ctx.Done(): - err = ctx.Err() - default: - } - } - return resp, err -} - -// Get issues a GET request via the Do function. -func Get(ctx context.Context, client *http.Client, url string) (*http.Response, error) { - req, err := http.NewRequest("GET", url, nil) - if err != nil { - return nil, err - } - return Do(ctx, client, req) -} - -// Head issues a HEAD request via the Do function. -func Head(ctx context.Context, client *http.Client, url string) (*http.Response, error) { - req, err := http.NewRequest("HEAD", url, nil) - if err != nil { - return nil, err - } - return Do(ctx, client, req) -} - -// Post issues a POST request via the Do function. -func Post(ctx context.Context, client *http.Client, url string, bodyType string, body io.Reader) (*http.Response, error) { - req, err := http.NewRequest("POST", url, body) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", bodyType) - return Do(ctx, client, req) -} - -// PostForm issues a POST request via the Do function. -func PostForm(ctx context.Context, client *http.Client, url string, data url.Values) (*http.Response, error) { - return Post(ctx, client, url, "application/x-www-form-urlencoded", strings.NewReader(data.Encode())) -} diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go index 822ed42a..7a96eae3 100644 --- a/vendor/golang.org/x/net/html/doc.go +++ b/vendor/golang.org/x/net/html/doc.go @@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order: The relevant specifications include: https://html.spec.whatwg.org/multipage/syntax.html and https://html.spec.whatwg.org/multipage/syntax.html#tokenization + +# Security Considerations + +Care should be taken when parsing and interpreting HTML, whether full documents +or fragments, within the framework of the HTML specification, especially with +regard to untrusted inputs. + +This package provides both a tokenizer and a parser. Only the parser constructs +a DOM according to the HTML specification, resolving malformed and misplaced +tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, +and as such does not resolve issues that may exist in the processed HTML, +producing a literal interpretation of the input. + +If your use case requires semantically well-formed HTML, as defined by the +WHATWG specifiction, the parser should be used rather than the tokenizer. */ package html // import "golang.org/x/net/html" diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go index d8561396..04c6bec2 100644 --- a/vendor/golang.org/x/net/html/escape.go +++ b/vendor/golang.org/x/net/html/escape.go @@ -193,6 +193,87 @@ func lower(b []byte) []byte { return b } +// escapeComment is like func escape but escapes its input bytes less often. +// Per https://github.com/golang/go/issues/58246 some HTML comments are (1) +// meaningful and (2) contain angle brackets that we'd like to avoid escaping +// unless we have to. +// +// "We have to" includes the '&' byte, since that introduces other escapes. +// +// It also includes those bytes (not including EOF) that would otherwise end +// the comment. Per the summary table at the bottom of comment_test.go, this is +// the '>' byte that, per above, we'd like to avoid escaping unless we have to. +// +// Studying the summary table (and T actions in its '>' column) closely, we +// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the +// start of the comment data. State 52 is after a '!'. The other three states +// are after a '-'. +// +// Our algorithm is thus to escape every '&' and to escape '>' if and only if: +// - The '>' is after a '!' or '-' (in the unescaped data) or +// - The '>' is at the start of the comment data (after the opening "<!--"). +func escapeComment(w writer, s string) error { + // When modifying this function, consider manually increasing the + // maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more. + // That increase should only be temporary, not committed, as it + // exponentially affects the test running time. + + if len(s) == 0 { + return nil + } + + // Loop: + // - Grow j such that s[i:j] does not need escaping. + // - If s[j] does need escaping, output s[i:j] and an escaped s[j], + // resetting i and j to point past that s[j] byte. + i := 0 + for j := 0; j < len(s); j++ { + escaped := "" + switch s[j] { + case '&': + escaped = "&" + + case '>': + if j > 0 { + if prev := s[j-1]; (prev != '!') && (prev != '-') { + continue + } + } + escaped = ">" + + default: + continue + } + + if i < j { + if _, err := w.WriteString(s[i:j]); err != nil { + return err + } + } + if _, err := w.WriteString(escaped); err != nil { + return err + } + i = j + 1 + } + + if i < len(s) { + if _, err := w.WriteString(s[i:]); err != nil { + return err + } + } + return nil +} + +// escapeCommentString is to EscapeString as escapeComment is to escape. +func escapeCommentString(s string) string { + if strings.IndexAny(s, "&>") == -1 { + return s + } + var buf bytes.Buffer + escapeComment(&buf, s) + return buf.String() +} + const escapedChars = "&'<>\"\r" func escape(w writer, s string) error { diff --git a/vendor/golang.org/x/net/html/render.go b/vendor/golang.org/x/net/html/render.go index 497e1320..8b280319 100644 --- a/vendor/golang.org/x/net/html/render.go +++ b/vendor/golang.org/x/net/html/render.go @@ -85,7 +85,7 @@ func render1(w writer, n *Node) error { if _, err := w.WriteString("<!--"); err != nil { return err } - if err := escape(w, n.Data); err != nil { + if err := escapeComment(w, n.Data); err != nil { return err } if _, err := w.WriteString("-->"); err != nil { diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go index 50f7c6aa..5c2a1f4e 100644 --- a/vendor/golang.org/x/net/html/token.go +++ b/vendor/golang.org/x/net/html/token.go @@ -110,7 +110,7 @@ func (t Token) String() string { case SelfClosingTagToken: return "<" + t.tagString() + "/>" case CommentToken: - return "<!--" + EscapeString(t.Data) + "-->" + return "<!--" + escapeCommentString(t.Data) + "-->" case DoctypeToken: return "<!DOCTYPE " + EscapeString(t.Data) + ">" } @@ -598,10 +598,10 @@ scriptDataDoubleEscapeEnd: // readComment reads the next comment token starting with "<!--". The opening // "<!--" has already been consumed. func (z *Tokenizer) readComment() { - // When modifying this function, consider manually increasing the suffixLen - // constant in func TestComments, from 6 to e.g. 9 or more. That increase - // should only be temporary, not committed, as it exponentially affects the - // test running time. + // When modifying this function, consider manually increasing the + // maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more. + // That increase should only be temporary, not committed, as it + // exponentially affects the test running time. z.data.start = z.raw.end defer func() { |