caddy

Cutlery/caddy

Fork 0

mirror of https://github.com/caddyserver/caddy.git synced 2026-06-05 05:25:20 -04:00

Files

T

History

JM Sanchez e2eee6a7fc

Tests / test (s390x on IBM Z) (push) Has been skipped

Details

Tests / goreleaser-check (push) Has been skipped

Details

Cross-Build / build (~1.26.0, 1.26, aix) (push) Successful in 2m48s

Details

Cross-Build / build (~1.26.0, 1.26, darwin) (push) Successful in 2m47s

Details

Tests / test (./cmd/caddy/caddy, ~1.26.0, ubuntu-latest, 0, 1.26, linux) (push) Failing after 3m14s

Details

Cross-Build / build (~1.26.0, 1.26, dragonfly) (push) Successful in 1m31s

Details

Cross-Build / build (~1.26.0, 1.26, freebsd) (push) Successful in 1m44s

Details

Cross-Build / build (~1.26.0, 1.26, illumos) (push) Successful in 1m58s

Details

Cross-Build / build (~1.26.0, 1.26, linux) (push) Successful in 1m31s

Details

Cross-Build / build (~1.26.0, 1.26, netbsd) (push) Successful in 1m40s

Details

Cross-Build / build (~1.26.0, 1.26, openbsd) (push) Successful in 2m5s

Details

Cross-Build / build (~1.26.0, 1.26, solaris) (push) Successful in 1m31s

Details

Cross-Build / build (~1.26.0, 1.26, windows) (push) Successful in 1m46s

Details

Lint / govulncheck (push) Successful in 1m33s

Details

Lint / dependency-review (push) Failing after 1m2s

Details

Lint / lint (ubuntu-latest, linux) (push) Successful in 2m54s

Details

OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 5m49s

Details

Tests / test (./cmd/caddy/caddy, ~1.26.0, macos-14, 0, 1.26, mac) (push) Has been cancelled

Details

Tests / test (./cmd/caddy/caddy.exe, ~1.26.0, windows-latest, True, 1.26, windows) (push) Has been cancelled

Details

Lint / lint (macos-14, mac) (push) Has been cancelled

Details

Lint / lint (windows-latest, windows) (push) Has been cancelled

Details

templates: Patch for GHSA-vcc4-2c75-vc9v (#7785 )

* Patch GHSA-vcc4-2c75-vc9v in stripHTML

templates: fix funcStripHTML bypass via depth counter

The previous false-start approach allowed XSS bypass via inputs like <<>img src=x onerror=alert(1)> and failed on stacked angle brackets.

Replace the tagStart/inTag state machine with a depth counter that mirrors PHP strip_tags behaviour: each '<' increments depth, each '>' decrements it, and text is only emitted at depth zero. Quoted attribute values (both single and double) are tracked so '>' inside href values does not prematurely close a tag.

Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com>

* Update tplcontext_test.go

Templates: expand TestStripHTML with attack path coverage

Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com>

---------

Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com>

2026-06-01 13:35:02 -06:00

caddyfile.go

caddyfile: Normalize & flatten all unmarshalers (#6037 )

2024-01-23 19:36:59 -05:00

frontmatter_fuzz.go

core: Windows service integration (#4790 )

2022-07-29 14:06:54 -06:00

frontmatter.go

chore: Use slices package where possible (#6585 )

2024-09-25 14:30:56 -06:00

templates.go

templates: Explicitly warn about misconfigurations