diff options
| author | John Olheiser <john.olheiser@gmail.com> | 2021-03-05 15:00:15 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-05 21:00:15 +0000 |
| commit | f1da46622e2d43870f939c46f43518728baecfd3 (patch) | |
| tree | 68a339d9093c66bc9b32b56edf0f5801b6af9af1 | |
| parent | 9db590f2ee198fa260c16387a8baa73f107db533 (diff) | |
| download | gitea-f1da46622e2d43870f939c46f43518728baecfd3.tar.gz gitea-f1da46622e2d43870f939c46f43518728baecfd3.zip | |
Signed-off-by: jolheiser <john.olheiser@gmail.com> (#14898)
| -rw-r--r-- | web_src/js/features/contextpopup.js | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/web_src/js/features/contextpopup.js b/web_src/js/features/contextpopup.js index a9a0ceee3b..c16820cf1f 100644 --- a/web_src/js/features/contextpopup.js +++ b/web_src/js/features/contextpopup.js @@ -1,3 +1,4 @@ +import {htmlEscape} from 'escape-goat'; import {svg} from '../svg.js'; const {AppSubUrl} = window.config; @@ -31,7 +32,7 @@ function issuePopup(owner, repo, index, $element) { if ((red * 0.299 + green * 0.587 + blue * 0.114) > 125) { color = '#000000'; } - labels += `<div class="ui label" style="color: ${color}; background-color:#${label.color};">${label.name}</div>`; + labels += `<div class="ui label" style="color: ${color}; background-color:#${label.color};">${htmlEscape(label.name)}</div>`; } if (labels.length > 0) { labels = `<p>${labels}</p>`; @@ -64,9 +65,9 @@ function issuePopup(owner, repo, index, $element) { }, html: ` <div> - <p><small>${issue.repository.full_name} on ${createdAt}</small></p> - <p><span class="${color}">${svg(octicon)}</span> <strong>${issue.title}</strong> #${index}</p> - <p>${body}</p> + <p><small>${htmlEscape(issue.repository.full_name)} on ${createdAt}</small></p> + <p><span class="${color}">${svg(octicon)}</span> <strong>${htmlEscape(issue.title)}</strong> #${index}</p> + <p>${htmlEscape(body)}</p> ${labels} </div> ` |