The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
import (
"code.gitea.io/gitea/models"
- "code.gitea.io/gitea/modules/markup"
api "code.gitea.io/gitea/modules/structs"
)
result := &api.User{
ID: user.ID,
UserName: user.Name,
- FullName: markup.Sanitize(user.FullName),
+ FullName: user.FullName,
Email: user.GetEmail(),
AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(),