author | Unknwon <joe2010xtmf@163.com> | 2015-01-30 18:12:30 -0500 |
---|---|---|
committer | Unknwon <joe2010xtmf@163.com> | 2015-01-30 18:12:30 -0500 |
commit | ee6786216a608fca2de322c90c7256577f2a500a (patch) | |
tree | ed91cff422302deb3b2f7da6744c8590ac90207b /models/repo.go | |
parent | 37fcc8daf2d7d86e4d0f8baaeab0b2e11e5ec8d0 (diff) | |
download | gitea-ee6786216a608fca2de322c90c7256577f2a500a.tar.gz gitea-ee6786216a608fca2de322c90c7256577f2a500a.zip |
modules/base: clean code with #838
Diffstat (limited to 'models/repo.go')
-rw-r--r-- | models/repo.go | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/models/repo.go b/models/repo.go
index 65689b6a1e..58c099d490 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -7,7 +7,6 @@ package models
 import (
 "errors"
 "fmt"
- "html"
 "html/template"
 "io/ioutil"
 "os"
@@ -218,11 +217,9 @@ func (repo *Repository) HasAccess(uname string) bool {
 // DescriptionHtml does special handles to description and return HTML string.
 func (repo *Repository) DescriptionHtml() template.HTML {
 sanitize := func(s string) string {
- // TODO(nuss-justin): Improve sanitization. Strip all tags?
- ss := html.EscapeString(s)
- return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
+ return fmt.Sprintf(`<a href="%[1]s" target="_blank">%[1]s</a>`, s)
 }
- return template.HTML(DescPattern.ReplaceAllStringFunc(base.XSSString(repo.Description), sanitize))
+ return template.HTML(DescPattern.ReplaceAllStringFunc(base.Sanitizer.Sanitize(repo.Description), sanitize))
 }

 // IsRepositoryExist returns true if the repository with given name under user has already existed. |
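Review bot: The `sanitize` closure in `DescriptionHtml` now writes the matched text `s` into the `href` attribute and the link body with no escaping of its own, so the safety of the `template.HTML` result rests entirely on `base.Sanitizer.Sanitize` having already neutralised quotes and angle brackets and on `DescPattern` never matching them; both are defined outside this hunk, so that cannot be confirmed from here. Because the linkification runs after sanitisation, the markup it generates is never re-checked, and a URL the sanitizer left inside an existing tag attribute would presumably be wrapped a second time. I would record the invariant at the closure, e.g. `// s is taken from sanitizer output; DescPattern must not match '"', '<' or '>'`, and cover it with a test whose description has a quote inside a URL. Separately, the generated anchor opens a user-supplied URL with `target="_blank"`; adding `rel="noopener noreferrer"` to the format string keeps the opened page from reaching `window.opener`.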