Security: fix XSS attack on milestone (#976)

Reported by Miguel Ángel Jimeno.
author: Lunny Xiao <xiaolunwen@gmail.com> 2017-02-19 19:09:59 +0800
committer: GitHub <noreply@github.com> 2017-02-19 19:09:59 +0800
commit: 6076c95dd1c1589eaf98f85b008c938adccf9451 (patch)
tree: 091d0eb70fb6d9568e092096ae87b402260cc1dc /templates/repo/issue/milestones.tmpl
parent: dbe6d2ff8eaae64db0ce800f60489afa0935c7ad (diff)
download: gitea-6076c95dd1c1589eaf98f85b008c938adccf9451.tar.gz
gitea-6076c95dd1c1589eaf98f85b008c938adccf9451.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/repo/issue/milestones.tmpl b/templates/repo/issue/milestones.tmpl
index 3703301e19..1cce9169d7 100644
--- a/templates/repo/issue/milestones.tmpl
+++ b/templates/repo/issue/milestones.tmpl
@@ -43,7 +43,7 @@
 		<div class="milestone list">
 			{{range .Milestones}}
 				<li class="item">
-					<i class="octicon octicon-milestone"></i> <a href="{{$.RepoLink}}/issues?state={{$.State}}&milestone={{.ID}}">{{.Name}}</a>
+					<i class="octicon octicon-milestone"></i> <a href="{{$.RepoLink}}/issues?state={{$.State}}&milestone={{.ID}}">{{.Name | Sanitize}}</a>
 					<div class="ui right green progress" data-percent="{{.Completeness}}">
 						<div class="bar" {{if not .Completeness}}style="background-color: transparent"{{end}}>
 							<div class="progress"></div>
author	Lunny Xiao <xiaolunwen@gmail.com>	2017-02-19 19:09:59 +0800
committer	GitHub <noreply@github.com>	2017-02-19 19:09:59 +0800
commit	6076c95dd1c1589eaf98f85b008c938adccf9451 (patch)
tree	091d0eb70fb6d9568e092096ae87b402260cc1dc /templates/repo/issue/milestones.tmpl
parent	dbe6d2ff8eaae64db0ce800f60489afa0935c7ad (diff)
download	gitea-6076c95dd1c1589eaf98f85b008c938adccf9451.tar.gz gitea-6076c95dd1c1589eaf98f85b008c938adccf9451.zip