From 8bc013dc7164862914c31f53de0590a463504c24 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Sun, 21 Mar 2021 18:18:59 +0000
Subject: [PATCH 1/2] Fix another clusterfuzz identified issue

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 modules/markup/html.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/markup/html.go b/modules/markup/html.go
index a7d66cc2490a..d773185a52f6 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -313,7 +313,7 @@ func RenderEmoji(
 	return ctx.postProcess(rawHTML)
 }
 
-var tagCleaner = regexp.MustCompile(`<((?:/?\w+/\w+)|(?:/[\w ]+/)|(/?[hH][tT][mM][lL][ />])|(/?[hH][eE][aA][dD][ />]))`)
+var tagCleaner = regexp.MustCompile(`<((?:/?\w+/\w+)|(?:/[\w ]+/)|(/?[hH][tT][mM][lL][ />` + "\000" + `])|(/?[hH][eE][aA][dD][ />` + "\000" + `]))`)
 var nulCleaner = strings.NewReplacer("\000", "")
 
 func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {

From 5cd05d87b1570aa97f8d14f20f39c17a0cb8d666 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Sun, 21 Mar 2021 18:27:40 +0000
Subject: [PATCH 2/2] Fix another clusterfuzz identified issue

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 modules/markup/html.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/markup/html.go b/modules/markup/html.go
index d773185a52f6..2ea0b56f7278 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -313,7 +313,7 @@ func RenderEmoji(
 	return ctx.postProcess(rawHTML)
 }
 
-var tagCleaner = regexp.MustCompile(`<((?:/?\w+/\w+)|(?:/[\w ]+/)|(/?[hH][tT][mM][lL][ />` + "\000" + `])|(/?[hH][eE][aA][dD][ />` + "\000" + `]))`)
+var tagCleaner = regexp.MustCompile(`<((?:/?\w+/\w+)|(?:/[\w ]+/)|(/?[hH][tT][mM][lL][ />])|(/?[hH][eE][aA][dD][ />]))`)
 var nulCleaner = strings.NewReplacer("\000", "")
 
 func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {
@@ -327,7 +327,7 @@ func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {
 	_, _ = res.WriteString("<html><body>")
 
 	// Strip out nuls - they're always invalid
-	_, _ = nulCleaner.WriteString(res, string(tagCleaner.ReplaceAll(rawHTML, []byte("&lt;$1"))))
+	_, _ = res.Write(tagCleaner.ReplaceAll([]byte(nulCleaner.Replace(string(rawHTML))), []byte("&lt;$1")))
 
 	// close the tags
 	_, _ = res.WriteString("</body></html>")