some fixes

diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go
index 5a59fd7ca92a34db50d77d030b7bde728940d94e..f9c308cfce35b449007a7cb058c571bdb5937a69 100644 (file)
--- a/routers/api/v1/user/user.go
+++ b/routers/api/v1/user/user.go
@@ -8,6 +8,7 @@ import (
        "strings"
 
        "github.com/Unknwon/com"
+       "github.com/gogits/gogs/pkg/markup"
 
        api "code.gitea.io/sdk/gitea"
 
@@ -50,7 +51,7 @@ func Search(ctx *context.APIContext) {
                        ID:        users[i].ID,
                        UserName:  users[i].Name,
                        AvatarURL: users[i].AvatarLink(),
-                       FullName:  users[i].FullName,
+                       FullName:  markup.Sanitize(users[i].FullName),
                }
                if ctx.IsSigned {
                        results[i].Email = users[i].Email

diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl
index 43021ca59ab249cd5a450b4daaf59ef9e6d7714c..7b7e2cf4632faa1f75bca5ab03aa123a9e6a1162 100644 (file)
--- a/templates/repo/editor/commit_form.tmpl
+++ b/templates/repo/editor/commit_form.tmpl
@@ -14,7 +14,8 @@
                                        <input type="radio" class="js-quick-pull-choice-option" name="commit_choice" value="direct" {{if eq .commit_choice "direct"}}checked{{end}}>
                                        <label>
                                                <i class="octicon octicon-git-commit" height="16" width="14"></i>
-                                               {{.i18n.Tr "repo.editor.commit_directly_to_this_branch" .BranchName | Safe}}
+                                               {{$branchName := .BranchName | Str2html}}
+                                               {{.i18n.Tr "repo.editor.commit_directly_to_this_branch" $branchName | Safe}}
                                        </label>
                                </div>
                        </div>

diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
index 3f3b62e6534a302579fde670312482c700641038..4650ba4c80b9161c01fdc30465510d1566bb081c 100644 (file)
--- a/templates/repo/issue/view_title.tmpl
+++ b/templates/repo/issue/view_title.tmpl
@@ -28,7 +28,7 @@
                {{if .Issue.PullRequest.HasMerged}}
                        {{ $mergedStr:= TimeSince .Issue.PullRequest.Merged $.Lang }}
                        <a {{if gt .Issue.PullRequest.Merger.ID 0}}href="{{.Issue.PullRequest.Merger.HomeLink}}"{{end}}>{{.Issue.PullRequest.Merger.Name}}</a>
-                       <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Safe}}</span>
+                       <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}</span>
                {{else}}
                        <a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.Name}}</a>
                        <span class="pull-desc">{{$.i18n.Tr "repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}}</span>