author | Unknwon <joe2010xtmf@163.com> | 2014-10-04 17:15:22 -0400 |
---|---|---|
committer | Unknwon <joe2010xtmf@163.com> | 2014-10-04 17:15:22 -0400 |
commit | 263d4093260707c6249eecb52ad52a0205e61351 (patch) | |
tree | 865d01225903e26939e1bc6086a0d40f46f2725c /models/repo.go | |
parent | 6a79b7653158276c7269bed0e06a8e408786ca4a (diff) | |
Basic xss prevention
Diffstat (limited to 'models/repo.go')
-rw-r--r-- | models/repo.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/models/repo.go b/models/repo.go
index a79c2491ce..8e29b3357d 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -23,6 +23,7 @@ import (
 "github.com/Unknwon/cae/zip"
 "github.com/Unknwon/com"
+ "github.com/gogits/gogs/modules/base"
 "github.com/gogits/gogs/modules/git"
 "github.com/gogits/gogs/modules/log"
 "github.com/gogits/gogs/modules/process"
@@ -48,7 +49,7 @@ var (
 )
 
 var (
- DescriptionPattern = regexp.MustCompile(`https?://\S+`)
+ DescPattern = regexp.MustCompile(`https?://\S+`)
 )
 
 func LoadRepoConfig() {
@@ -181,7 +182,7 @@ func (repo *Repository) DescriptionHtml() template.HTML {
 ss := html.EscapeString(s)
 return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
 }
- return template.HTML(DescriptionPattern.ReplaceAllStringFunc(repo.Description, sanitize))
+ return template.HTML(DescPattern.ReplaceAllStringFunc(base.XSSString(repo.Description), sanitize))
 }
 
 // IsRepositoryExist returns true if the repository with given name under user has already existed. |
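Review bot: The new return line in the last hunk still labels the whole description as `template.HTML` while only the regex matches go through `html.EscapeString`; every fragment between matches is protected solely by `base.XSSString`, whose implementation this diff does not show, so if that helper strips a list of known tags rather than escaping `<`, `>`, `&` and quotes, an unmatched fragment would presumably reach the page as trusted markup. A contract that does not depend on that helper is to escape the full string once before linkifying: change the return to `return template.HTML(DescPattern.ReplaceAllStringFunc(html.EscapeString(repo.Description), sanitize))`, drop the `ss := html.EscapeString(s)` line inside the closure, and pass `s` to the Sprintf in place of `ss`, since the match is already escaped; `\S+` never spans whitespace, so an entity-escaped URL such as `?a=1&amp;b=2` still matches as one token and decodes correctly in the href. While touching that Sprintf, adding `rel="noopener noreferrer"` to the anchor is independent hardening for `target="_blank"`. Both `DescriptionHtml` and the `sanitize` closure begin before this hunk, so the closure's signature is not visible here.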