Escape search query (#3486)

Signed-off-by: Jonas Franz <info@jonasfranz.de>
author: Jonas Franz <info@jonasfranz.software> 2018-02-11 14:42:28 +0100
committer: Lauris BH <lauris@nix.lv> 2018-02-11 15:42:28 +0200
commit: 2cb4649acf73ce9a7b6c2b3f707673d89a789f46 (patch)
tree: 6405d4e881d5010c0f33c7bbbe93328a6b6a3d08 /modules/templates
parent: 6eaeb01ecf1471517bbd4882ab7450f4f45a6f1c (diff)
download: gitea-2cb4649acf73ce9a7b6c2b3f707673d89a789f46.tar.gz
gitea-2cb4649acf73ce9a7b6c2b3f707673d89a789f46.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index d6be25cebb..3f3d6083f2 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -27,6 +27,7 @@ import (
 	"golang.org/x/net/html/charset"
 	"golang.org/x/text/transform"
 	"gopkg.in/editorconfig/editorconfig-core-go.v1"
+	"html"
 )
 
 // NewFuncMap returns functions for injecting to templates
@@ -179,6 +180,7 @@ func NewFuncMap() []template.FuncMap {
 			return dict, nil
 		},
 		"Printf": fmt.Sprintf,
+		"Escape": Escape,
 	}}
 }
 
@@ -197,6 +199,11 @@ func Str2html(raw string) template.HTML {
 	return template.HTML(markup.Sanitize(raw))
 }
 
+// Escape escapes a HTML string
+func Escape(raw string) string {
+	return html.EscapeString(raw)
+}
+
 // List traversings the list
 func List(l *list.List) chan interface{} {
 	e := l.Front()
author	Jonas Franz <info@jonasfranz.software>	2018-02-11 14:42:28 +0100
committer	Lauris BH <lauris@nix.lv>	2018-02-11 15:42:28 +0200
commit	2cb4649acf73ce9a7b6c2b3f707673d89a789f46 (patch)
tree	6405d4e881d5010c0f33c7bbbe93328a6b6a3d08 /modules/templates
parent	6eaeb01ecf1471517bbd4882ab7450f4f45a6f1c (diff)
download	gitea-2cb4649acf73ce9a7b6c2b3f707673d89a789f46.tar.gz gitea-2cb4649acf73ce9a7b6c2b3f707673d89a789f46.zip