From 134f3e6e09ed0583bc377a08ef46a51013635a2e Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Wed, 15 Feb 2017 18:05:02 -0500
Subject: Security: prevent XSS attach on wiki page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by Miguel Ángel Jimeno.
---
 templates/repo/wiki/view.tmpl | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'templates/repo/wiki')

diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl
index 9a1a984b63..b9aa4e9560 100644
--- a/templates/repo/wiki/view.tmpl
+++ b/templates/repo/wiki/view.tmpl
@@ -1,6 +1,7 @@
 {{template "base/head" .}}
 <div class="repository wiki view">
 	{{template "repo/header" .}}
+	{{ $title := .title | Sanitize}}
 	<div class="ui container">
 		<div class="ui grid">
 			<div class="ui ten wide column">
@@ -9,7 +10,7 @@
 						<div class="ui basic small button">
 							<span class="text">
 								{{.i18n.Tr "repo.wiki.page"}}:
-								<strong>{{.title}}</strong>
+								<strong>{{$title}}</strong>
 							</span>
 							<i class="dropdown icon"></i>
 						</div>
@@ -20,7 +21,7 @@
 							</div>
 							<div class="scrolling menu">
 								{{range .Pages}}
-									<div class="item {{if eq $.Title .Name}}selected{{end}}" data-url="{{$.RepoLink}}/wiki/{{.URL}}">{{.Name}}</div>
+									<div class="item {{if eq $.Title .Name}}selected{{end}}" data-url="{{$.RepoLink}}/wiki/{{.URL}}">{{.Name | Sanitize}}</div>
 								{{end}}
 							</div>
 						</div>
@@ -50,8 +51,8 @@
 				</div>
 			</div>
 		</div>
-		<div class="ui header">
-			{{.title}}
+		<div class="ui dividing header">
+			{{$title}}
 			{{if and .IsRepositoryWriter (not .Repository.IsMirror)}}
 				<div class="ui right">
 					<a class="ui small button" href="{{.RepoLink}}/wiki/{{EscapePound .PageURL}}/_edit">{{.i18n.Tr "repo.wiki.edit_page_button"}}</a>
@@ -95,7 +96,7 @@
 		{{.i18n.Tr "repo.wiki.delete_page_button"}}
 	</div>
 	<div class="content">
-		<p>{{.i18n.Tr "repo.wiki.delete_page_notice_1" .title | Safe}}</p>
+		<p>{{.i18n.Tr "repo.wiki.delete_page_notice_1" $title | Safe}}</p>
 	</div>
 	{{template "base/delete_modal_actions" .}}
 </div>
-- 
cgit v1.2.3