author | zeripath <art27@cantab.net> | 2020-12-26 21:58:21 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-26 21:58:21 +0000 |
commit | 236e70f1359ae46818c3916f21401ef4bacf3eaf (patch) | |
tree | a4aece861f373f0d32582629958a63f28a752d40 /services | |
parent | 5a1ccacac7900f91887440ad2c0d8a1e10fc0dfe (diff) | |
Fix escaping issue in diff (#14153)
Ensure that linecontent is escaped before passing to template.HTML
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'services')
-rw-r--r-- | services/gitdiff/gitdiff.go | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/services/gitdiff/gitdiff.go b/services/gitdiff/gitdiff.go
index 79cd16e193..81b92f7168 100644
--- a/services/gitdiff/gitdiff.go
+++ b/services/gitdiff/gitdiff.go
@@ -10,6 +10,7 @@ import (
 "bytes"
 "context"
 "fmt"
+ "html"
 "html/template"
 "io"
 "io/ioutil"
@@ -164,9 +165,9 @@ func getDiffLineSectionInfo(treePath, line string, lastLeftIdx, lastRightIdx int
 // escape a line's content or return <br> needed for copy/paste purposes
 func getLineContent(content string) string {
 if len(content) > 0 {
- return content
+ return html.EscapeString(content)
 }
- return "\n"
+ return "<br>"
 }
 // DiffSection represents a section of a DiffFile.
@@ -357,8 +358,6 @@ func (diffSection *DiffSection) GetComputedInlineDiffFor(diffLine *DiffLine) tem
 diffRecord := diffMatchPatch.DiffMain(highlight.Code(diffSection.FileName, diff1[1:]), highlight.Code(diffSection.FileName, diff2[1:]), true)
 diffRecord = diffMatchPatch.DiffCleanupEfficiency(diffRecord)
- diffRecord = diffMatchPatch.DiffCleanupEfficiency(diffRecord)
-
 return diffToHTML(diffSection.FileName, diffRecord, diffLine.Type)
 } |
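Review bot: getLineContent still returns a plain `string`, so nothing in the type records that the value is now HTML markup: escaped text in one branch and a literal `<br>` in the other. The callers are outside this hunk; going by the commit message they wrap the result in template.HTML, so a caller that escapes it again would double-escape, and one that treats it as text would show `<br>` verbatim. Consider stating the contract on the function, e.g. `// getLineContent returns HTML: content passed through html.EscapeString, or "<br>" for an empty line.`, or changing the return type to `template.HTML` so the trust boundary is type-checked. No test is visible in this diff; a regression test that feeds a constructed line such as `<b>x</b>` and asserts `&lt;b&gt;x&lt;/b&gt;` would keep the unescaped path from returning.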