diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2024-02-18 09:48:59 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-18 01:48:59 +0000 |
| commit | a784ed3d6c6946fd9bf95f2e910f52f549326fe2 (patch) | |
| tree | 9946c734e07c65f193459febdc9c9d7ef91cbc1d /templates/repo/issue | |
| parent | d73223bfc6fcabdfb4ca284729ccead5ba228728 (diff) | |
| download | gitea-a784ed3d6c6946fd9bf95f2e910f52f549326fe2.tar.gz gitea-a784ed3d6c6946fd9bf95f2e910f52f549326fe2.zip | |
Use "Safe" modifier for manually constructed safe HTML strings in templates (#29227)
Follow #29165. These HTML strings are safe to be rendered directly, to
avoid double-escaping.
Diffstat (limited to 'templates/repo/issue')
| -rw-r--r-- | templates/repo/issue/view_content/comments.tmpl | 4 | ||||
| -rw-r--r-- | templates/repo/issue/view_content/pull.tmpl | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl index c1797ba77d..ed83377f5a 100644 --- a/templates/repo/issue/view_content/comments.tmpl +++ b/templates/repo/issue/view_content/comments.tmpl @@ -112,9 +112,9 @@ {{template "shared/user/authorlink" .Poster}} {{$link := printf "%s/commit/%s" $.Repository.Link ($.Issue.PullRequest.MergedCommitID|PathEscape)}} {{if eq $.Issue.PullRequest.Status 3}} - {{ctx.Locale.Tr "repo.issues.comment_manually_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID)) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape)) $createdStr | Safe}} + {{ctx.Locale.Tr "repo.issues.comment_manually_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID) | Safe) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape) | Safe) $createdStr}} {{else}} - {{ctx.Locale.Tr "repo.issues.comment_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID)) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape)) $createdStr | Safe}} + {{ctx.Locale.Tr "repo.issues.comment_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID) | Safe) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape) | Safe) $createdStr}} {{end}} </span> </div> diff --git a/templates/repo/issue/view_content/pull.tmpl b/templates/repo/issue/view_content/pull.tmpl index f1ab53eb67..a28b849f98 100644 --- a/templates/repo/issue/view_content/pull.tmpl +++ b/templates/repo/issue/view_content/pull.tmpl @@ -38,7 +38,7 @@ {{ctx.Locale.Tr "repo.pulls.merged_success"}} </h3> <div class="merge-section-info"> - {{ctx.Locale.Tr "repo.pulls.merged_info_text" (printf "<code>%s</code>" (.HeadTarget | Escape)) | Str2html}} + {{ctx.Locale.Tr "repo.pulls.merged_info_text" (printf "<code>%s</code>" (.HeadTarget | Escape) | Safe)}} </div> </div> <div class="item-section-right"> |