diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2017-02-19 19:18:06 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-19 19:18:06 +0800 |
commit | b8f70a27a52e6a2c8021485bfc1522eb5071c39f (patch) | |
tree | 0f150e89fa2c0de2071e5d66ee49f7c8bce14a14 /templates/base | |
parent | 6076c95dd1c1589eaf98f85b008c938adccf9451 (diff) | |
download | gitea-b8f70a27a52e6a2c8021485bfc1522eb5071c39f.tar.gz gitea-b8f70a27a52e6a2c8021485bfc1522eb5071c39f.zip |
Security: fix XSS attack on alert (#973)
Diffstat (limited to 'templates/base')
-rw-r--r-- | templates/base/alert.tmpl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/templates/base/alert.tmpl b/templates/base/alert.tmpl index 8d05b882a7..61b99486e2 100644 --- a/templates/base/alert.tmpl +++ b/templates/base/alert.tmpl @@ -1,15 +1,15 @@ {{if .Flash.ErrorMsg}} <div class="ui negative message"> - <p>{{.Flash.ErrorMsg | Safe}}</p> + <p>{{.Flash.ErrorMsg | Str2html}}</p> </div> {{end}} {{if .Flash.SuccessMsg}} <div class="ui positive message"> - <p>{{.Flash.SuccessMsg | Safe}}</p> + <p>{{.Flash.SuccessMsg | Str2html}}</p> </div> {{end}} {{if .Flash.InfoMsg}} <div class="ui info message"> - <p>{{.Flash.InfoMsg | Safe}}</p> + <p>{{.Flash.InfoMsg | Str2html}}</p> </div> {{end}} |