Fix username rendering bug (#2122)

* Fix username rendering bug * XSS integration test * Migration to unescape user full names
2025-11-04 16:40:24 +08:00 · 2017-07-12 10:58:52 -04:00
parent 2c3efd72ce
commit 858324c21a
4 changed files with 71 additions and 4 deletions
--- a/models/user.go
+++ b/models/user.go
@@ -35,7 +35,6 @@ import (
 	"code.gitea.io/gitea/modules/avatar"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/markdown"
 	"code.gitea.io/gitea/modules/setting"
 )

@@ -164,8 +163,6 @@ func (u *User) UpdateDiffViewStyle(style string) error {
 // AfterSet is invoked from XORM after setting the value of a field of this object.
 func (u *User) AfterSet(colName string, _ xorm.Cell) {
 	switch colName {
-	case "full_name":
-		u.FullName = markdown.Sanitize(u.FullName)
 	case "created_unix":
 		u.Created = time.Unix(u.CreatedUnix, 0).Local()
 	case "updated_unix":
@@ -871,7 +868,6 @@ func updateUser(e Engine, u *User) error {
 	u.Website = base.TruncateString(u.Website, 255)
 	u.Description = base.TruncateString(u.Description, 255)

-	u.FullName = markdown.Sanitize(u.FullName)
 	_, err := e.Id(u.ID).AllCols().Update(u)
 	return err
 }