TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 08:30:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Escape tags and quotes in links.

Browse Source
This commit is contained in:
Justin Nuß
2014-07-22 20:08:04 +02:00
parent e194cf3291
commit 636a78fed1
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
models/repo.go
View File

@@ -8,6 +8,7 @@ import (
"errors"
"fmt"
"io/ioutil"
"html"
"html/template"
"os"
"path"
@@ -152,7 +153,13 @@ func (repo *Repository) GetOwner() (err error) {
}
func (repo *Repository) DescriptionHtml() template.HTML {
return template.HTML(DescriptionPattern.ReplaceAllString(repo.Description, `<a href="$0" target="_blank">$0</a>`))
sanitize := func(s string) string {
// TODO(nuss-justin): Improve sanitization. Strip all tags?
ss := html.EscapeString(s)
return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
}
return template.HTML(DescriptionPattern.ReplaceAllStringFunc(repo.Description, sanitize))
}
// IsRepositoryExist returns true if the repository with given name under user has already existed.