Escape search query (Backport 1.4) (#3488)
authorJonas Franz <info@jonasfranz.software>
Sun, 11 Feb 2018 19:25:02 +0000 (20:25 +0100)
committerLauris BH <lauris@nix.lv>
Sun, 11 Feb 2018 19:25:02 +0000 (21:25 +0200)
* Escape search query

Signed-off-by: Jonas Franz <info@jonasfranz.de>
(cherry picked from commit 2970889)

* Reordered imports

Signed-off-by: Jonas Franz <info@jonasfranz.de>
modules/templates/helper.go
templates/repo/search.tmpl

index d6be25cebb709119c714ed456e3fcfa83d5c618f..2eac62901fe8f7f1ac4cd3cd1eb4bb6fe5a9a94c 100644 (file)
@@ -10,6 +10,7 @@ import (
        "encoding/json"
        "errors"
        "fmt"
+       "html"
        "html/template"
        "mime"
        "net/url"
@@ -179,6 +180,7 @@ func NewFuncMap() []template.FuncMap {
                        return dict, nil
                },
                "Printf": fmt.Sprintf,
+               "Escape": Escape,
        }}
 }
 
@@ -197,6 +199,11 @@ func Str2html(raw string) template.HTML {
        return template.HTML(markup.Sanitize(raw))
 }
 
+// Escape escapes a HTML string
+func Escape(raw string) string {
+       return html.EscapeString(raw)
+}
+
 // List traversings the list
 func List(l *list.List) chan interface{} {
        e := l.Front()
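Review bot: The doc comment on `Escape` does not state when a template should use the helper, and using it in the wrong place has visible effects. It returns a plain `string`, so if its result is printed directly, `html/template` will escape it a second time and the output will be double-encoded. It is only appropriate for values spliced into a string that is later marked as trusted HTML, as with `Str2html`. I would write the comment as `// Escape HTML-escapes raw (<, >, &, ' and ") so it can be passed as an argument to a string that is later rendered through Str2html; do not use it on values printed directly, which html/template already escapes.`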
index 19a9d4474c4526a14a1b1b03f72b132a3f7eb854..3ddc5de86c986b6ec4232dbdc345b63a29ecd1f5 100644 (file)
@@ -14,7 +14,7 @@
                </div>
                {{if .Keyword}}
                        <h3>
-                               {{.i18n.Tr "repo.search.results" .Keyword .RepoLink .RepoName | Str2html}}
+                               {{.i18n.Tr "repo.search.results" (.Keyword|Escape) .RepoLink .RepoName | Str2html }}
                        </h3>
                        <div class="repository search">
                                {{range $result := .SearchResults}}
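Review bot: Only `.Keyword` is escaped on the changed line; `.RepoLink` and `.RepoName` are still interpolated into the translated string as-is before `Str2html` marks the result as HTML. `Str2html` does pass the string through `markup.Sanitize`, but a sanitizer lets permitted markup through, whereas the keyword is now protected by escaping. If repository names and links are constrained elsewhere (presumably at creation, not visible here), a template comment such as `{{/* RepoLink and RepoName are validated on creation; only Keyword is free-form user input */}}` would record that. Otherwise escape them the same way: `{{.i18n.Tr "repo.search.results" (.Keyword|Escape) (.RepoLink|Escape) (.RepoName|Escape) | Str2html}}`.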