Escape more things that are passed through str2html (#12622)

* Escape more things that are passed through str2html Signed-off-by: Andrew Thornton <art27@cantab.net> * Bloody editors! Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Update routers/user/oauth.go Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
author: zeripath <art27@cantab.net> 2020-08-28 05:37:05 +0100
committer: GitHub <noreply@github.com> 2020-08-28 00:37:05 -0400
commit: d3b5edacb655ced0135ca5f48544612ccc38890e (patch)
tree: a77a1fa8e66bb1235e8bbec03d2764c1df6799b8 /templates/repo/settings
parent: cbc60f5c70dac01af647e5f70730778b008cf234 (diff)
download: gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.tar.gz
gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/repo/settings/protected_branch.tmpl b/templates/repo/settings/protected_branch.tmpl
index e65ab82421..3c2dfc831e 100644
--- a/templates/repo/settings/protected_branch.tmpl
+++ b/templates/repo/settings/protected_branch.tmpl
@@ -5,7 +5,7 @@
 	<div class="ui container">
 		{{template "base/alert" .}}
 		<h4 class="ui top attached header">
-			{{.i18n.Tr "repo.settings.branch_protection" .Branch.BranchName | Str2html}}
+			{{.i18n.Tr "repo.settings.branch_protection" (.Branch.BranchName|Escape) | Str2html}}
 		</h4>
 		<div class="ui attached segment branch-protection">
 			<form class="ui form" action="{{.Link}}" method="post">
author	zeripath <art27@cantab.net>	2020-08-28 05:37:05 +0100
committer	GitHub <noreply@github.com>	2020-08-28 00:37:05 -0400
commit	d3b5edacb655ced0135ca5f48544612ccc38890e (patch)
tree	a77a1fa8e66bb1235e8bbec03d2764c1df6799b8 /templates/repo/settings
parent	cbc60f5c70dac01af647e5f70730778b008cf234 (diff)
download	gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.tar.gz gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.zip