Stop sanitizing full name in API (#17396)

The API convert.toUser function makes the incorrect assumption that full names could be rendered as is without being escaped. It therefore runs the names through markup.Sanitize which leads to a double escape of user full names. This pr stops this. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
author: zeripath <art27@cantab.net> 2021-10-22 08:17:35 +0100
committer: GitHub <noreply@github.com> 2021-10-22 15:17:35 +0800
commit: af96286f2254c1e073394aae0f18b132f07b38ad (patch)
tree: bab12c7bc5537ea614e2fca5dee98f28e95fd18a /modules/convert
parent: 23d36929bc098e452ccdd6e9188302304dde980e (diff)
download: gitea-af96286f2254c1e073394aae0f18b132f07b38ad.tar.gz
gitea-af96286f2254c1e073394aae0f18b132f07b38ad.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/modules/convert/user.go b/modules/convert/user.go
index 164ffb71fd..3f17ae4b4d 100644
--- a/modules/convert/user.go
+++ b/modules/convert/user.go
@@ -6,7 +6,6 @@ package convert
 
 import (
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/markup"
 	api "code.gitea.io/gitea/modules/structs"
 )
 
@@ -49,7 +48,7 @@ func toUser(user *models.User, signed, authed bool) *api.User {
 	result := &api.User{
 		ID:          user.ID,
 		UserName:    user.Name,
-		FullName:    markup.Sanitize(user.FullName),
+		FullName:    user.FullName,
 		Email:       user.GetEmail(),
 		AvatarURL:   user.AvatarLink(),
 		Created:     user.CreatedUnix.AsTime(),
author	zeripath <art27@cantab.net>	2021-10-22 08:17:35 +0100
committer	GitHub <noreply@github.com>	2021-10-22 15:17:35 +0800
commit	af96286f2254c1e073394aae0f18b132f07b38ad (patch)
tree	bab12c7bc5537ea614e2fca5dee98f28e95fd18a /modules/convert
parent	23d36929bc098e452ccdd6e9188302304dde980e (diff)
download	gitea-af96286f2254c1e073394aae0f18b132f07b38ad.tar.gz gitea-af96286f2254c1e073394aae0f18b132f07b38ad.zip