diff options
| author | zeripath <art27@cantab.net> | 2019-05-10 18:48:28 +0100 |
|---|---|---|
| committer | techknowlogick <techknowlogick@gitea.io> | 2019-05-10 13:48:28 -0400 |
| commit | d64a646c0a9c4ea1ca7f6213e4d353132cb735c1 (patch) | |
| tree | ffcfbf7f2c5fdb710a1a3d4b9247d3c0019c209a /models/action.go | |
| parent | 10ff527faefb14b1e06e300d8a4cb3c436c37445 (diff) | |
| download | gitea-d64a646c0a9c4ea1ca7f6213e4d353132cb735c1.tar.gz gitea-d64a646c0a9c4ea1ca7f6213e4d353132cb735c1.zip | |
Escape the commit message on issues update and title in telegram hook (#6901)
Diffstat (limited to 'models/action.go')
| -rw-r--r-- | models/action.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/models/action.go b/models/action.go index 01a6a91704..f397298699 100644 --- a/models/action.go +++ b/models/action.go @@ -8,6 +8,7 @@ package models import ( "encoding/json" "fmt" + "html" "path" "regexp" "strconv" @@ -580,7 +581,7 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, bra } refMarked[issue.ID] = true - message := fmt.Sprintf(`<a href="%s/commit/%s">%s</a>`, repo.Link(), c.Sha1, c.Message) + message := fmt.Sprintf(`<a href="%s/commit/%s">%s</a>`, repo.Link(), c.Sha1, html.EscapeString(c.Message)) if err = CreateRefComment(doer, refRepo, issue, message, c.Sha1); err != nil { return err } |