diff options
| -rw-r--r-- | modules/templates/helper.go | 5 | ||||
| -rw-r--r-- | services/mailer/mail.go | 25 | ||||
| -rw-r--r-- | services/mailer/mail_release.go | 5 | ||||
| -rw-r--r-- | services/mailer/mail_repo.go | 5 | ||||
| -rw-r--r-- | templates/mail/auth/activate.tmpl | 5 | ||||
| -rw-r--r-- | templates/mail/auth/activate_email.tmpl | 5 | ||||
| -rw-r--r-- | templates/mail/auth/register_notify.tmpl | 5 | ||||
| -rw-r--r-- | templates/mail/auth/reset_passwd.tmpl | 5 |
8 files changed, 38 insertions, 22 deletions
diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 63c165bc8b..918a6523ba 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -632,6 +632,11 @@ func JSEscape(raw string) string { return template.JSEscapeString(raw) } +// DotEscape wraps a dots in names with ZWJ [U+200D] in order to prevent autolinkers from detecting these as urls +func DotEscape(raw string) string { + return strings.ReplaceAll(raw, ".", "\u200d.\u200d") +} + // Sha1 returns sha1 sum of string func Sha1(str string) string { return base.EncodeSha1(str) diff --git a/services/mailer/mail.go b/services/mailer/mail.go index 8e04e7e4d2..1e90deb4c4 100644 --- a/services/mailer/mail.go +++ b/services/mailer/mail.go @@ -78,8 +78,9 @@ func sendUserMail(language string, u *user_model.User, tpl base.TplName, code, s "Code": code, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -128,8 +129,9 @@ func SendActivateEmailMail(u *user_model.User, email *user_model.EmailAddress) { "Email": email.Email, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -158,8 +160,9 @@ func SendRegisterNotifyMail(u *user_model.User) { "Username": u.Name, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -191,8 +194,9 @@ func SendCollaboratorMail(u, doer *user_model.User, repo *repo_model.Repository) "Link": repo.HTMLURL(), "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -275,8 +279,9 @@ func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipient "ReviewComments": reviewComments, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var mailSubject bytes.Buffer diff --git a/services/mailer/mail_release.go b/services/mailer/mail_release.go index 76dceb2387..b6bddeac04 100644 --- a/services/mailer/mail_release.go +++ b/services/mailer/mail_release.go @@ -75,8 +75,9 @@ func mailNewRelease(ctx context.Context, lang string, tos []string, rel *models. "Subject": subject, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var mailBody bytes.Buffer diff --git a/services/mailer/mail_repo.go b/services/mailer/mail_repo.go index 24e6d671f4..0abc666f1a 100644 --- a/services/mailer/mail_repo.go +++ b/services/mailer/mail_repo.go @@ -73,8 +73,9 @@ func sendRepoTransferNotifyMailPerLang(lang string, newOwner, doer *user_model.U "Language": locale.Language(), "Destination": destination, // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } if err := bodyTemplates.ExecuteTemplate(&content, string(mailRepoTransferNotify), data); err != nil { diff --git a/templates/mail/auth/activate.tmpl b/templates/mail/auth/activate.tmpl index 31e9a96882..5de3967bc4 100644 --- a/templates/mail/auth/activate.tmpl +++ b/templates/mail/auth/activate.tmpl @@ -2,12 +2,13 @@ <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>{{.i18n.Tr "mail.activate_account.title" .DisplayName}}</title> + <meta name="format-detection" content="telephone=no,date=no,address=no,email=no,url=no"/> + <title>{{.i18n.Tr "mail.activate_account.title" (.DisplayName|DotEscape)}}</title> </head> {{ $activate_url := printf "%suser/activate?code=%s" AppUrl (QueryEscape .Code)}} <body> - <p>{{.i18n.Tr "mail.activate_account.text_1" .DisplayName AppName | Str2html}}</p><br> + <p>{{.i18n.Tr "mail.activate_account.text_1" (.DisplayName|DotEscape) AppName | Str2html}}</p><br> <p>{{.i18n.Tr "mail.activate_account.text_2" .ActiveCodeLives | Str2html}}</p><p><a href="{{$activate_url}}">{{$activate_url}}</a></p><br> <p>{{.i18n.Tr "mail.link_not_working_do_paste"}}</p> diff --git a/templates/mail/auth/activate_email.tmpl b/templates/mail/auth/activate_email.tmpl index 8bd037ae4f..5c79798821 100644 --- a/templates/mail/auth/activate_email.tmpl +++ b/templates/mail/auth/activate_email.tmpl @@ -2,12 +2,13 @@ <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>{{.i18n.Tr "mail.activate_email.title" .DisplayName}}</title> + <meta name="format-detection" content="telephone=no,date=no,address=no,email=no,url=no"/> + <title>{{.i18n.Tr "mail.activate_email.title" (.DisplayName|DotEscape)}}</title> </head> {{ $activate_url := printf "%suser/activate_email?code=%s&email=%s" AppUrl (QueryEscape .Code) (QueryEscape .Email)}} <body> - <p>{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}</p><br> + <p>{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}</p><br> <p>{{.i18n.Tr "mail.activate_email.text" .ActiveCodeLives | Str2html}}</p><p><a href="{{$activate_url}}">{{$activate_url}}</a></p><br> <p>{{.i18n.Tr "mail.link_not_working_do_paste"}}</p> diff --git a/templates/mail/auth/register_notify.tmpl b/templates/mail/auth/register_notify.tmpl index 45ca95f2c3..a32d8ce992 100644 --- a/templates/mail/auth/register_notify.tmpl +++ b/templates/mail/auth/register_notify.tmpl @@ -2,12 +2,13 @@ <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>{{.i18n.Tr "mail.register_notify.title" .DisplayName AppName}}</title> + <meta name="format-detection" content="telephone=no,date=no,address=no,email=no,url=no"/> + <title>{{.i18n.Tr "mail.register_notify.title" (.DisplayName|DotEscape) AppName}}</title> </head> {{$set_pwd_url := printf "%[1]suser/forgot_password" AppUrl}} <body> - <p>{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}</p><br> + <p>{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}</p><br> <p>{{.i18n.Tr "mail.register_notify.text_1" AppName}}</p><br> <p>{{.i18n.Tr "mail.register_notify.text_2" .Username}}</p><p><a href="{{AppUrl}}user/login">{{AppUrl}}user/login</a></p><br> <p>{{.i18n.Tr "mail.register_notify.text_3" ($set_pwd_url | Escape) | Str2html}}</p><br> diff --git a/templates/mail/auth/reset_passwd.tmpl b/templates/mail/auth/reset_passwd.tmpl index bf10c1f967..028d911a99 100644 --- a/templates/mail/auth/reset_passwd.tmpl +++ b/templates/mail/auth/reset_passwd.tmpl @@ -2,12 +2,13 @@ <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <title>{{.i18n.Tr "mail.reset_password.title" .DisplayName}}</title> + <meta name="format-detection" content="telephone=no,date=no,address=no,email=no,url=no"/> + <title>{{.i18n.Tr "mail.reset_password.title" (.DisplayName|DotEscape)}}</title> </head> {{ $recover_url := printf "%suser/recover_account?code=%s" AppUrl (QueryEscape .Code)}} <body> - <p>{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}</p><br> + <p>{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}</p><br> <p>{{.i18n.Tr "mail.reset_password.text" .ResetPwdCodeLives | Str2html}}</p><p><a href="{{$recover_url}}">{{$recover_url}}</a></p><br> <p>{{.i18n.Tr "mail.link_not_working_do_paste"}}</p> |