@ -124,8 +124,9 @@ func escapeUrlComponent(val string) string {
// Query represents a query
// Query represents a query
type Query struct {
type Query struct {
Key string
Key string
Value string
Value string
HasValue bool
}
}
func parseQuery ( query string ) ( values [ ] Query , err error ) {
func parseQuery ( query string ) ( values [ ] Query , err error ) {
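Review bot: The new exported field `HasValue` on `Query` has no comment, so its meaning can only be learned by reading parseQuery, where it is set when the raw parameter contains `=`. A line above the field would make the contract explicit, for example `// HasValue is true when the parameter contained "=" in the source query, so "a" and "a=" re-encode differently.` The comment should also state that the flag must be set whenever `Value` is populated, since encodeQueries depends on it.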
@ -140,8 +141,10 @@ func parseQuery(query string) (values []Query, err error) {
continue
continue
}
}
value := ""
value := ""
hasValue := false
if i := strings . Index ( key , "=" ) ; i >= 0 {
if i := strings . Index ( key , "=" ) ; i >= 0 {
key , value = key [ : i ] , key [ i + 1 : ]
key , value = key [ : i ] , key [ i + 1 : ]
hasValue = true
}
}
key , err1 := url . QueryUnescape ( key )
key , err1 := url . QueryUnescape ( key )
if err1 != nil {
if err1 != nil {
@ -158,8 +161,9 @@ func parseQuery(query string) (values []Query, err error) {
continue
continue
}
}
values = append ( values , Query {
values = append ( values , Query {
Key : key ,
Key : key ,
Value : value ,
Value : value ,
HasValue : hasValue ,
} )
} )
}
}
return values , err
return values , err
@ -169,8 +173,10 @@ func encodeQueries(queries []Query) string {
var b strings . Builder
var b strings . Builder
for i , query := range queries {
for i , query := range queries {
b . WriteString ( url . QueryEscape ( query . Key ) )
b . WriteString ( url . QueryEscape ( query . Key ) )
b . WriteString ( "=" )
if query . HasValue {
b . WriteString ( url . QueryEscape ( query . Value ) )
b . WriteString ( "=" )
b . WriteString ( url . QueryEscape ( query . Value ) )
}
if i < len ( queries ) - 1 {
if i < len ( queries ) - 1 {
b . WriteString ( "&" )
b . WriteString ( "&" )
}
}
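Review bot: In encodeQueries, a `Query` with a non-empty `Value` but `HasValue` left at its zero value now loses the value silently, because both the `=` and the escaped value sit behind `if query.HasValue {`. parseQuery sets the flag, but `Query` is an exported struct, so any code that builds one from only `Key` and `Value` would be re-encoded as a bare key; whether such code exists is not visible here. In a sanitizer, a rewritten URL that means something different from the input is worth ruling out explicitly. Consider `if query.HasValue || query.Value != "" {`, and add a test that round-trips `a`, `a=` and `a=b`. The function body starts and ends outside this hunk.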
@ -965,7 +971,6 @@ func (p *Policy) matchRegex(elementName string) (map[string]attrPolicy, bool) {
return aps , matched
return aps , matched
}
}
// normaliseElementName takes a HTML element like <script> which is user input
// normaliseElementName takes a HTML element like <script> which is user input
// and returns a lower case version of it that is immune to UTF-8 to ASCII
// and returns a lower case version of it that is immune to UTF-8 to ASCII
// conversion tricks (like the use of upper case cyrillic i scrİpt which a
// conversion tricks (like the use of upper case cyrillic i scrİpt which a