diff options
| author | zeripath <art27@cantab.net> | 2020-08-28 05:37:05 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-08-28 00:37:05 -0400 |
| commit | d3b5edacb655ced0135ca5f48544612ccc38890e (patch) | |
| tree | a77a1fa8e66bb1235e8bbec03d2764c1df6799b8 /templates/repo/issue/view_title.tmpl | |
| parent | cbc60f5c70dac01af647e5f70730778b008cf234 (diff) | |
| download | gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.tar.gz gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.zip | |
Escape more things that are passed through str2html (#12622)
* Escape more things that are passed through str2html
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Bloody editors!
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update routers/user/oauth.go
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'templates/repo/issue/view_title.tmpl')
| -rw-r--r-- | templates/repo/issue/view_title.tmpl | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl index 74ed1034d7..459c44e78d 100644 --- a/templates/repo/issue/view_title.tmpl +++ b/templates/repo/issue/view_title.tmpl @@ -31,18 +31,18 @@ {{ $mergedStr:= TimeSinceUnix .Issue.PullRequest.MergedUnix $.Lang }} {{if .Issue.OriginalAuthor }} {{.Issue.OriginalAuthor}} - <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}</span> + <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits (.HeadTarget|Escape) (.BaseTarget|Escape) $mergedStr | Str2html}}</span> {{else}} <a {{if gt .Issue.PullRequest.Merger.ID 0}}href="{{.Issue.PullRequest.Merger.HomeLink}}"{{end}}>{{.Issue.PullRequest.Merger.GetDisplayName}}</a> - <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}</span> + <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits (.HeadTarget|Escape) (.BaseTarget|Escape) $mergedStr | Str2html}}</span> {{end}} {{else}} {{if .Issue.OriginalAuthor }} - <span id="pull-desc" class="pull-desc">{{.Issue.OriginalAuthor}} {{$.i18n.Tr "repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}}</span> + <span id="pull-desc" class="pull-desc">{{.Issue.OriginalAuthor}} {{$.i18n.Tr "repo.pulls.title_desc" .NumCommits (.HeadTarget|Escape) (.BaseTarget|Escape) | Str2html}}</span> {{else}} <span id="pull-desc" class="pull-desc"> <a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.GetDisplayName}}</a> - {{$.i18n.Tr "repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}} + {{$.i18n.Tr "repo.pulls.title_desc" .NumCommits (.HeadTarget|Escape) (.BaseTarget|Escape) | Str2html}} </span> {{end}} <span id="pull-desc-edit" style="display: none"> |