yggdrasil

Author	SHA1	Message	Date
xfy	28f0117f06	test(sanitizer): 补充 is_safe_url 分支测试 is_safe_url 是 HTML 消毒器的安全核心，原仅通过 clean_html 间接覆盖。新增 9 个直接单元测试，锁定各分支契约： - https/http 白名单通过 - javascript / vbscript scheme 拒绝（含大小写混淆） - data URI 按 allow_data_uri 标志决定（文章正文 vs 评论） - 相对路径与锚点片段通过 - 空字符串/纯空白视为安全 - mailto / tel / ftp 等其它白名单 scheme 通过 - 含空白的 scheme 名（混淆手法）被拒绝共 17 个测试，全部通过。	2026-06-15 11:19:46 +08:00
xfy	26b012c40c	docs(api, auth): 补充中文注释	2026-06-12 18:27:24 +08:00
xfy	4fe26f7eb3	test: improve unit test coverage and assertions Some checks failed CI / check (push) Failing after 15m51s Details CI / build (push) Has been skipped Details - Add tests for sanitizer, mime_to_ext, clean_tags, Theme::toggle - Tighten assertions in highlight, markdown, post status classes - Add boundary and XSS cases for comments, slug, rate_limit, webp - Update Cargo.lock for serial_test dev-dependency	2026-06-12 18:13:51 +08:00
xfy	942ac853fe	refactor: tighten module-level allow attributes	2026-06-12 17:26:46 +08:00
xfy	294d60afab	style: format rust code Some checks failed CI / build (push) Has been cancelled Details CI / check (push) Has been cancelled Details	2026-06-12 17:14:31 +08:00
xfy	a10bf8737c	refactor(sanitizer): extract shared sanitizer module and migrate from ammonia to lol_html	2026-06-12 11:15:42 +08:00

6 Commits