diff options
| author | zeripath <art27@cantab.net> | 2020-08-28 05:37:05 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-08-28 00:37:05 -0400 |
| commit | d3b5edacb655ced0135ca5f48544612ccc38890e (patch) | |
| tree | a77a1fa8e66bb1235e8bbec03d2764c1df6799b8 /templates/user | |
| parent | cbc60f5c70dac01af647e5f70730778b008cf234 (diff) | |
| download | gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.tar.gz gitea-d3b5edacb655ced0135ca5f48544612ccc38890e.zip | |
Escape more things that are passed through str2html (#12622)
* Escape more things that are passed through str2html
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Bloody editors!
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update routers/user/oauth.go
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'templates/user')
| -rw-r--r-- | templates/user/auth/activate.tmpl | 6 | ||||
| -rw-r--r-- | templates/user/dashboard/feeds.tmpl | 10 |
2 files changed, 8 insertions, 8 deletions
diff --git a/templates/user/auth/activate.tmpl b/templates/user/auth/activate.tmpl index 92b85a1373..c24362bb8c 100644 --- a/templates/user/auth/activate.tmpl +++ b/templates/user/auth/activate.tmpl @@ -15,15 +15,15 @@ {{else if .ResendLimited}} <p class="center">{{.i18n.Tr "auth.resent_limit_prompt"}}</p> {{else}} - <p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" .SignedUser.Email .ActiveCodeLives | Str2html}}</p> + <p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.SignedUser.Email|Escape) .ActiveCodeLives | Str2html}}</p> {{end}} {{else}} {{if .IsSendRegisterMail}} - <p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" .Email .ActiveCodeLives | Str2html}}</p> + <p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p> {{else if .IsActivateFailed}} <p>{{.i18n.Tr "auth.invalid_code"}}</p> {{else}} - <p>{{.i18n.Tr "auth.has_unconfirmed_mail" .SignedUser.Name .SignedUser.Email | Str2html}}</p> + <p>{{.i18n.Tr "auth.has_unconfirmed_mail" (.SignedUser.Name|Escape) (.SignedUser.Email|Escape) | Str2html}}</p> <div class="ui divider"></div> <div class="text right"> <button class="ui blue button">{{.i18n.Tr "auth.resend_mail"}}</button> diff --git a/templates/user/dashboard/feeds.tmpl b/templates/user/dashboard/feeds.tmpl index 5e6d53e18a..739caeba5f 100644 --- a/templates/user/dashboard/feeds.tmpl +++ b/templates/user/dashboard/feeds.tmpl @@ -50,17 +50,17 @@ {{$.i18n.Tr "action.reopen_pull_request" .GetRepoLink $index .ShortRepoPath | Str2html}} {{else if eq .GetOpType 16}} {{ $index := index .GetIssueInfos 0}} - {{$.i18n.Tr "action.delete_tag" .GetRepoLink .GetBranch .ShortRepoPath | Str2html}} + {{$.i18n.Tr "action.delete_tag" .GetRepoLink (.GetBranch|Escape) .ShortRepoPath | Str2html}} {{else if eq .GetOpType 17}} {{ $index := index .GetIssueInfos 0}} - {{$.i18n.Tr "action.delete_branch" .GetRepoLink .GetBranch .ShortRepoPath | Str2html}} + {{$.i18n.Tr "action.delete_branch" .GetRepoLink (.GetBranch|Escape) .ShortRepoPath | Str2html}} {{else if eq .GetOpType 18}} {{ $branchLink := .GetBranch | EscapePound}} - {{$.i18n.Tr "action.mirror_sync_push" .GetRepoLink $branchLink .GetBranch .ShortRepoPath | Str2html}} + {{$.i18n.Tr "action.mirror_sync_push" .GetRepoLink $branchLink (.GetBranch|Escape) .ShortRepoPath | Str2html}} {{else if eq .GetOpType 19}} - {{$.i18n.Tr "action.mirror_sync_create" .GetRepoLink .GetBranch .ShortRepoPath | Str2html}} + {{$.i18n.Tr "action.mirror_sync_create" .GetRepoLink (.GetBranch|Escape) .ShortRepoPath | Str2html}} {{else if eq .GetOpType 20}} - {{$.i18n.Tr "action.mirror_sync_delete" .GetRepoLink .GetBranch .ShortRepoPath | Str2html}} + {{$.i18n.Tr "action.mirror_sync_delete" .GetRepoLink (.GetBranch|Escape) .ShortRepoPath | Str2html}} {{else if eq .GetOpType 21}} {{ $index := index .GetIssueInfos 0}} {{$.i18n.Tr "action.approve_pull_request" .GetRepoLink $index .ShortRepoPath | Str2html}} |