Improve QueryEscape helper function (#29768)

Make it return "template.URL" to follow Golang template's context auto-escaping.
author: wxiaoguang <wxiaoguang@gmail.com> 2024-03-13 21:32:30 +0800
committer: GitHub <noreply@github.com> 2024-03-13 21:32:30 +0800
commit: 3e94ac5c7c6751919453fdb66ba3472e2793759e (patch)
tree: d11913f52ffab3b7bffc56441703864fd53e1170 /modules/templates
parent: 85c59d6c21e10ef9d3ccf11713548f50e47e920f (diff)
download: gitea-3e94ac5c7c6751919453fdb66ba3472e2793759e.tar.gz
gitea-3e94ac5c7c6751919453fdb66ba3472e2793759e.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 0997239a55..2452064749 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -38,7 +38,7 @@ func NewFuncMap() template.FuncMap {
 		"SafeHTML":     SafeHTML,
 		"HTMLFormat":   HTMLFormat,
 		"HTMLEscape":   HTMLEscape,
-		"QueryEscape":  url.QueryEscape,
+		"QueryEscape":  QueryEscape,
 		"JSEscape":     JSEscapeSafe,
 		"SanitizeHTML": SanitizeHTML,
 		"URLJoin":      util.URLJoin,
@@ -226,6 +226,10 @@ func JSEscapeSafe(s string) template.HTML {
 	return template.HTML(template.JSEscapeString(s))
 }
 
+func QueryEscape(s string) template.URL {
+	return template.URL(url.QueryEscape(s))
+}
+
 // DotEscape wraps a dots in names with ZWJ [U+200D] in order to prevent autolinkers from detecting these as urls
 func DotEscape(raw string) string {
 	return strings.ReplaceAll(raw, ".", "\u200d.\u200d")
author	wxiaoguang <wxiaoguang@gmail.com>	2024-03-13 21:32:30 +0800
committer	GitHub <noreply@github.com>	2024-03-13 21:32:30 +0800
commit	3e94ac5c7c6751919453fdb66ba3472e2793759e (patch)
tree	d11913f52ffab3b7bffc56441703864fd53e1170 /modules/templates
parent	85c59d6c21e10ef9d3ccf11713548f50e47e920f (diff)
download	gitea-3e94ac5c7c6751919453fdb66ba3472e2793759e.tar.gz gitea-3e94ac5c7c6751919453fdb66ba3472e2793759e.zip