feat: updated xgo and added tpp protection.

go.mod

@@ -6,6 +6,6 @@ require (
 	github.com/d5/tengo/v2 v2.17.0
 	github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2
 	surdeus.su/core/cli v0.1.2
-	surdeus.su/core/xgo v0.5.0
+	surdeus.su/core/xgo v0.6.0
 	surdeus.su/util/tpp v0.3.2
 )

go.sum

@@ -6,5 +6,7 @@ surdeus.su/core/cli v0.1.2 h1:qPzjawqPyZsO4Z5SaA1u141recVE65yioA83Qs7Jecs=
 surdeus.su/core/cli v0.1.2/go.mod h1:r9JtQz3aEJzpYzMaNUNQHJoYkoWKNPi047qhd5uGlmA=
 surdeus.su/core/xgo v0.5.0 h1:/Rk3scfFkoSb0qjHRlkUNOp9sr/fd7wAvCiT4fBRo+U=
 surdeus.su/core/xgo v0.5.0/go.mod h1:6C/AHbjfvAMvt3TOzLB4eIZ40eU3ahJXtdY+kr4yXoc=
+surdeus.su/core/xgo v0.6.0 h1:r8b2rm7hN35lOScaCuYxMm7bxyESc50UB66J4tGhnk8=
+surdeus.su/core/xgo v0.6.0/go.mod h1:6C/AHbjfvAMvt3TOzLB4eIZ40eU3ahJXtdY+kr4yXoc=
 surdeus.su/util/tpp v0.3.2 h1:ebcnEcY+4tgB4a6trs4GBd2CJjrZJaPKh3i5RKQf8/U=
 surdeus.su/util/tpp v0.3.2/go.mod h1:rXOVXwvdc7FxRGK/Smy03AXLQiet4N+2imFesic9Vzw=

handler.go

@@ -108,7 +108,11 @@ func (h *Handler) ServeHTTP(
 	urlPath := r.URL.Path
 	// Cleaning URL path to prevent injections.
 	urlPath = path.Clean(urlPath)
-	//urlExt := path.Ext(urlPath)
+	urlExt := path.Ext(urlPath)
+	if urlExt == h.ext {
+		http.NotFound(w, r)
+		return
+	}
 
 	filePath := filepath.Join(
 		filepath.FromSlash(h.sourcePath),