oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-06-27 16:36:00 +00:00
Code Wiki Activity

feat(sanitizer): validate MathML XML namespace

Browse source
This commit is contained in:
Frédéric Guillot 2025-06-09 20:24:12 -07:00
parent 21d22d7f0b
commit d53fd17e10
2 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/reader/sanitizer/sanitizer.go
View file

@ -234,6 +234,10 @@ func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute, sa
continue continue
} }
if tagName == "math" && attribute.Key == "xmlns" && value != "http://www.w3.org/1998/Math/MathML" {
value = "http://www.w3.org/1998/Math/MathML"
}
if tagName == "img" && attribute.Key == "fetchpriority" { if tagName == "img" && attribute.Key == "fetchpriority" {
if !isValidFetchPriorityValue(value) { if !isValidFetchPriorityValue(value) {
continue continue

10
internal/reader/sanitizer/sanitizer_test.go
View file

@ -829,3 +829,13 @@ func TestMathML(t *testing.T) {
t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
} }
} }
func TestInvalidMathMLXMLNamespace(t *testing.T) {
input := `<math xmlns="http://example.org"><msup><mi>x</mi><mn>2</mn></msup></math>`
expected := `<math xmlns="http://www.w3.org/1998/Math/MathML"><msup><mi>x</mi><mn>2</mn></msup></math>`
output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)
if expected != output {
t.Errorf(`Wrong output: "%s" != "%s"`, expected, output)
}
}