Escape tags and quotes in links.
parent
e194cf3291
commit
636a78fed1
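--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"html"
 	"html/template"
 	"os"
 	"path"
@@ -152,7 +153,13 @@ func (repo *Repository) GetOwner() (err error) {
 }
 
 func (repo *Repository) DescriptionHtml() template.HTML {
-	return template.HTML(DescriptionPattern.ReplaceAllString(repo.Description, `<a href="$0" target="_blank">$0</a>`))
+	sanitize := func(s string) string {
+		// TODO(nuss-justin): Improve sanitization. Strip all tags?
+		ss := html.EscapeString(s)
+
+		return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
+	}
+	return template.HTML(DescriptionPattern.ReplaceAllStringFunc(repo.Description, sanitize))
 }
 
 // IsRepositoryExist returns true if the repository with given name under user has already existed.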
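Review bot: ReplaceAllStringFunc only runs sanitize on the substrings DescriptionPattern matches, so everything else in repo.Description still goes raw into template.HTML; a tag or quote outside a link is not escaped by this change, which only closes the attribute breakout through the link itself. Escaping the whole description once before linkifying, and dropping the per-match EscapeString so links are not double-encoded, covers the remaining text — whether DescriptionPattern (defined outside the hunk) still matches on entity-encoded input should be checked against its definition. The href is also whatever the pattern matched, so if the pattern admits non-http(s) schemes, escaping does not make the link target safe, and `target="_blank"` without `rel="noopener noreferrer"` leaves window.opener reachable from the opened page. Separately, the new `"html"` import in the first hunk sits after `"io/ioutil"`, out of sorted order; goimports would place it between `"fmt"` and `"html/template"`.
```go
func (repo *Repository) DescriptionHtml() template.HTML {
	// Escape the whole description once so text outside matched links is never emitted raw.
	escaped := html.EscapeString(repo.Description)
	linkify := func(s string) string {
		// s is already escaped; escaping again would double-encode the link.
		return fmt.Sprintf(`<a href="%s" target="_blank" rel="noopener noreferrer">%s</a>`, s, s)
	}
	return template.HTML(DescriptionPattern.ReplaceAllStringFunc(escaped, linkify))
}
```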