
Commit d2f6588

authored
Remove incorrect and unnecessary Escape from templates (#29394)
Follow-up to #29165.

* Some of them are incorrect and would lead to double escaping (e.g. `(print (Escape $.RepoLink)`).
* Others are unnecessary, because `Tr` handles strings and HTML automatically.

Suggested to review in "unified view": https://github.com/go-gitea/gitea/pull/29394/files?diff=unified&w=0
1 parent ea164ab commit d2f6588

28 files changed

+100
-100
lines changed

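--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -37,7 +37,7 @@ func NewFuncMap() template.FuncMap {
 "Eval": Eval,
 "SafeHTML": SafeHTML,
 "HTMLFormat": HTMLFormat,
-"Escape": Escape,
+"HTMLEscape": HTMLEscape,
 "QueryEscape": url.QueryEscape,
 "JSEscape": JSEscapeSafe,
 "Str2html": Str2html, // TODO: rename it to SanitizeHTML
@@ -218,7 +218,7 @@ func Str2html(s any) template.HTML {
 panic(fmt.Sprintf("unexpected type %T", s))
 }
 
-func Escape(s any) template.HTML {
+func HTMLEscape(s any) template.HTML {
 switch v := s.(type) {
 case string:
 return template.HTML(html.EscapeString(v))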
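Review bot: `HTMLEscape` at new line 221 has no doc comment, and after this rename it is the natural place to say when explicit escaping is still appropriate. I would add `// HTMLEscape escapes a plain string for use as HTML text. Do not wrap arguments of Locale.Tr with it: Tr escapes string arguments itself, so wrapping double-escapes.` above the function. Separately, the FuncMap entry at line 40 drops the `Escape` name outright, so any template not touched by this commit that still calls `Escape` would presumably fail at parse time; a search for remaining uses is worth doing before merge. The type switch continues outside the hunk, so the non-string cases are not visible here.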

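--- a/templates/code/searchcombo.tmpl
+++ b/templates/code/searchcombo.tmpl
@@ -7,7 +7,7 @@
 </div>
 {{else if .SearchResults}}
 <h3>
-{{ctx.Locale.Tr "explore.code_search_results" (.Keyword|Escape)}}
+{{ctx.Locale.Tr "explore.code_search_results" .Keyword}}
 </h3>
 {{template "code/searchresults" .}}
 {{else if .Keyword}}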
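Review bot: `.Keyword` on new line 10 is search input, and with the `Escape` filter gone its HTML escaping rests entirely on `Tr`; nothing in this change pins that behaviour with a test. A render test that passes a keyword containing markup characters (for example the constructed value `<b>&`) and asserts the output contains `&lt;b&gt;&amp;` exactly once would catch both a lost escape and a double escape. The same applies to the branch names in templates/repo/code/recently_pushed_new_branches.tmpl and templates/repo/editor/commit_form.tmpl, and to the display names in the package templates, which are presumably just as user-controlled.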

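--- a/templates/explore/repo_search.tmpl
+++ b/templates/explore/repo_search.tmpl
@@ -36,7 +36,7 @@
 </div>
 {{if and .PageIsExploreRepositories .OnlyShowRelevant}}
 <div class="ui message explore-relevancy-note">
-<span data-tooltip-content="{{ctx.Locale.Tr "explore.relevant_repositories_tooltip"}}">{{ctx.Locale.Tr "explore.relevant_repositories" ((printf "?only_show_relevant=0&sort=%s&q=%s&language=%s" $.SortType (QueryEscape $.Keyword) (QueryEscape $.Language))|Escape)}}</span>
+<span data-tooltip-content="{{ctx.Locale.Tr "explore.relevant_repositories_tooltip"}}">{{ctx.Locale.Tr "explore.relevant_repositories" (printf "?only_show_relevant=0&sort=%s&q=%s&language=%s" $.SortType (QueryEscape $.Keyword) (QueryEscape $.Language))}}</span>
 </div>
 {{end}}
 <div class="divider"></div>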
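Review bot: On new line 39 `$.SortType` is placed into the query string without `QueryEscape`, while `$.Keyword` and `$.Language` next to it are encoded. `Tr` HTML-escapes the finished string, which stops markup injection, but it does not URL-encode, so a sort value containing `&` or `#` would add or truncate parameters in the generated link. If `SortType` can carry request input (not visible here), use `(QueryEscape $.SortType)` in the `printf` call.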

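--- a/templates/mail/auth/register_notify.tmpl
+++ b/templates/mail/auth/register_notify.tmpl
@@ -11,7 +11,7 @@
 <p>{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape)}}</p><br>
 <p>{{.locale.Tr "mail.register_notify.text_1" AppName}}</p><br>
 <p>{{.locale.Tr "mail.register_notify.text_2" .Username}}</p><p><a href="{{AppUrl}}user/login">{{AppUrl}}user/login</a></p><br>
-<p>{{.locale.Tr "mail.register_notify.text_3" ($set_pwd_url | Escape)}}</p><br>
+<p>{{.locale.Tr "mail.register_notify.text_3" $set_pwd_url}}</p><br>
 
 <p>© <a target="_blank" rel="noopener noreferrer" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>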
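Review bot: This template calls `.locale.Tr`, not `ctx.Locale.Tr` as the web templates do, and the change assumes both escape plain-string arguments the same way; that is not visible in this diff and should be confirmed for the mailer's locale object. The stakes are higher in templates/mail/issue/default.tmpl, where `.Doer.Name`, `.Issue.PullRequest.BaseBranch` and `.Comment.Review.Reviewer.Name` lose their explicit `Escape` and end up in HTML mail bodies. A mailer render test with a name containing `<` and `&` would settle it.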

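--- a/templates/mail/issue/default.tmpl
+++ b/templates/mail/issue/default.tmpl
@@ -36,26 +36,26 @@
 {{end}}
 <p>
 {{if eq .ActionName "close"}}
-{{.locale.Tr "mail.issue.action.close" (Escape .Doer.Name) .Issue.Index}}
+{{.locale.Tr "mail.issue.action.close" .Doer.Name .Issue.Index}}
 {{else if eq .ActionName "reopen"}}
-{{.locale.Tr "mail.issue.action.reopen" (Escape .Doer.Name) .Issue.Index}}
+{{.locale.Tr "mail.issue.action.reopen" .Doer.Name .Issue.Index}}
 {{else if eq .ActionName "merge"}}
-{{.locale.Tr "mail.issue.action.merge" (Escape .Doer.Name) .Issue.Index (Escape .Issue.PullRequest.BaseBranch)}}
+{{.locale.Tr "mail.issue.action.merge" .Doer.Name .Issue.Index .Issue.PullRequest.BaseBranch}}
 {{else if eq .ActionName "approve"}}
-{{.locale.Tr "mail.issue.action.approve" (Escape .Doer.Name)}}
+{{.locale.Tr "mail.issue.action.approve" .Doer.Name}}
 {{else if eq .ActionName "reject"}}
-{{.locale.Tr "mail.issue.action.reject" (Escape .Doer.Name)}}
+{{.locale.Tr "mail.issue.action.reject" .Doer.Name}}
 {{else if eq .ActionName "review"}}
-{{.locale.Tr "mail.issue.action.review" (Escape .Doer.Name)}}
+{{.locale.Tr "mail.issue.action.review" .Doer.Name}}
 {{else if eq .ActionName "review_dismissed"}}
-{{.locale.Tr "mail.issue.action.review_dismissed" (Escape .Doer.Name) (Escape .Comment.Review.Reviewer.Name)}}
+{{.locale.Tr "mail.issue.action.review_dismissed" .Doer.Name .Comment.Review.Reviewer.Name}}
 {{else if eq .ActionName "ready_for_review"}}
-{{.locale.Tr "mail.issue.action.ready_for_review" (Escape .Doer.Name)}}
+{{.locale.Tr "mail.issue.action.ready_for_review" .Doer.Name}}
 {{end}}
 
 {{- if eq .Body ""}}
 {{if eq .ActionName "new"}}
-{{.locale.Tr "mail.issue.action.new" (Escape .Doer.Name) .Issue.Index}}
+{{.locale.Tr "mail.issue.action.new" .Doer.Name .Issue.Index}}
 {{end}}
 {{else}}
 {{.Body | Str2html}}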

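--- a/templates/package/shared/list.tmpl
+++ b/templates/package/shared/list.tmpl
@@ -30,9 +30,9 @@
 {{$hasRepositoryAccess = index $.RepositoryAccessMap .Repository.ID}}
 {{end}}
 {{if $hasRepositoryAccess}}
-{{ctx.Locale.Tr "packages.published_by_in" $timeStr .Creator.HomeLink (.Creator.GetDisplayName | Escape) .Repository.Link (.Repository.FullName | Escape)}}
+{{ctx.Locale.Tr "packages.published_by_in" $timeStr .Creator.HomeLink .Creator.GetDisplayName .Repository.Link .Repository.FullName}}
 {{else}}
-{{ctx.Locale.Tr "packages.published_by" $timeStr .Creator.HomeLink (.Creator.GetDisplayName | Escape)}}
+{{ctx.Locale.Tr "packages.published_by" $timeStr .Creator.HomeLink .Creator.GetDisplayName}}
 {{end}}
 </div>
 </div>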

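--- a/templates/package/shared/versionlist.tmpl
+++ b/templates/package/shared/versionlist.tmpl
@@ -25,7 +25,7 @@
 <div class="flex-item-main">
 <a class="flex-item-title" href="{{.FullWebLink}}">{{.Version.LowerVersion}}</a>
 <div class="flex-item-body">
-{{ctx.Locale.Tr "packages.published_by" (TimeSinceUnix .Version.CreatedUnix ctx.Locale) .Creator.HomeLink (.Creator.GetDisplayName | Escape)}}
+{{ctx.Locale.Tr "packages.published_by" (TimeSinceUnix .Version.CreatedUnix ctx.Locale) .Creator.HomeLink .Creator.GetDisplayName}}
 </div>
 </div>
 </div>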

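--- a/templates/package/view.tmpl
+++ b/templates/package/view.tmpl
@@ -10,9 +10,9 @@
 <div>
 {{$timeStr := TimeSinceUnix .PackageDescriptor.Version.CreatedUnix ctx.Locale}}
 {{if .HasRepositoryAccess}}
-{{ctx.Locale.Tr "packages.published_by_in" $timeStr .PackageDescriptor.Creator.HomeLink (.PackageDescriptor.Creator.GetDisplayName | Escape) .PackageDescriptor.Repository.Link (.PackageDescriptor.Repository.FullName | Escape)}}
+{{ctx.Locale.Tr "packages.published_by_in" $timeStr .PackageDescriptor.Creator.HomeLink .PackageDescriptor.Creator.GetDisplayName .PackageDescriptor.Repository.Link .PackageDescriptor.Repository.FullName}}
 {{else}}
-{{ctx.Locale.Tr "packages.published_by" $timeStr .PackageDescriptor.Creator.HomeLink (.PackageDescriptor.Creator.GetDisplayName | Escape)}}
+{{ctx.Locale.Tr "packages.published_by" $timeStr .PackageDescriptor.Creator.HomeLink .PackageDescriptor.Creator.GetDisplayName}}
 {{end}}
 </div>
 </div>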

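--- a/templates/repo/code/recently_pushed_new_branches.tmpl
+++ b/templates/repo/code/recently_pushed_new_branches.tmpl
@@ -2,7 +2,7 @@
 <div class="ui positive message gt-df gt-ac">
 <div class="gt-f1">
 {{$timeSince := TimeSince .CommitTime.AsTime ctx.Locale}}
-{{ctx.Locale.Tr "repo.pulls.recently_pushed_new_branches" (Escape .Name) $timeSince}}
+{{ctx.Locale.Tr "repo.pulls.recently_pushed_new_branches" .Name $timeSince}}
 </div>
 <a role="button" class="ui compact positive button gt-m-0" href="{{$.Repository.ComposeBranchCompareURL $.Repository.BaseRepo .Name}}">
 {{ctx.Locale.Tr "repo.pulls.compare_changes"}}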

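--- a/templates/repo/create_helper.tmpl
+++ b/templates/repo/create_helper.tmpl
@@ -1,3 +1,3 @@
 {{if not $.DisableMigrations}}
-<p class="ui center">{{ctx.Locale.Tr "repo.new_repo_helper" ((print AppSubUrl "/repo/migrate")|Escape)}}</p>
+<p class="ui center">{{ctx.Locale.Tr "repo.new_repo_helper" (print AppSubUrl "/repo/migrate")}}</p>
 {{end}}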

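--- a/templates/repo/diff/comments.tmpl
+++ b/templates/repo/diff/comments.tmpl
@@ -16,17 +16,17 @@
 {{.OriginalAuthor}}
 </span>
 <span class="text grey muted-links">
-{{ctx.Locale.Tr "repo.issues.commented_at" (.HashTag|Escape) $createdStr}}
+{{ctx.Locale.Tr "repo.issues.commented_at" .HashTag $createdStr}}
 </span>
 <span class="text migrate">
 {{if $.root.Repository.OriginalURL}}
-({{ctx.Locale.Tr "repo.migrated_from" ($.root.Repository.OriginalURL | Escape) ($.root.Repository.GetOriginalURLHostname | Escape)}})
+({{ctx.Locale.Tr "repo.migrated_from" $.root.Repository.OriginalURL $.root.Repository.GetOriginalURLHostname}})
 {{end}}
 </span>
 {{else}}
 <span class="text grey muted-links">
 {{template "shared/user/namelink" .Poster}}
-{{ctx.Locale.Tr "repo.issues.commented_at" (.HashTag|Escape) $createdStr}}
+{{ctx.Locale.Tr "repo.issues.commented_at" .HashTag $createdStr}}
 </span>
 {{end}}
 </div>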
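Review bot: On new line 23 `$.root.Repository.OriginalURL` is handed to `Tr` as a plain string, so it gets HTML-escaped, but HTML escaping does not constrain the URL scheme. If the `repo.migrated_from` translation puts its first argument into an `href` (the locale string is not shown), a stored value with a non-http scheme such as `javascript:` would pass through escaping unchanged, both before and after this commit. It is worth confirming that `OriginalURL` is validated as http(s) when the migration is created, or checking the scheme before rendering. The same call appears at new line 34 of templates/repo/issue/view_content.tmpl.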

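--- a/templates/repo/diff/compare.tmpl
+++ b/templates/repo/diff/compare.tmpl
@@ -194,19 +194,19 @@
 {{if .HasPullRequest}}
 <div class="ui segment grid title">
 <div class="twelve wide column issue-title">
-{{ctx.Locale.Tr "repo.pulls.has_pull_request" (print (Escape $.RepoLink) "/pulls/" .PullRequest.Issue.Index) (Escape $.RepoRelPath) .PullRequest.Index}}
+{{ctx.Locale.Tr "repo.pulls.has_pull_request" (print $.RepoLink "/pulls/" .PullRequest.Issue.Index) $.RepoRelPath .PullRequest.Index}}
 <h1>
 <span id="issue-title">{{RenderIssueTitle $.Context .PullRequest.Issue.Title ($.Repository.ComposeMetas ctx)}}</span>
 <span class="index">#{{.PullRequest.Issue.Index}}</span>
 </h1>
 </div>
 <div class="four wide column middle aligned text right">
 {{- if .PullRequest.HasMerged -}}
-<a href="{{Escape $.RepoLink}}/pulls/{{.PullRequest.Issue.Index}}" class="ui button purple show-form">{{svg "octicon-git-merge" 16}} {{ctx.Locale.Tr "repo.pulls.view"}}</a>
+<a href="{{$.RepoLink}}/pulls/{{.PullRequest.Issue.Index}}" class="ui button purple show-form">{{svg "octicon-git-merge" 16}} {{ctx.Locale.Tr "repo.pulls.view"}}</a>
 {{else if .Issue.IsClosed}}
-<a href="{{Escape $.RepoLink}}/pulls/{{.PullRequest.Issue.Index}}" class="ui button red show-form">{{svg "octicon-issue-closed" 16}} {{ctx.Locale.Tr "repo.pulls.view"}}</a>
+<a href="{{$.RepoLink}}/pulls/{{.PullRequest.Issue.Index}}" class="ui button red show-form">{{svg "octicon-issue-closed" 16}} {{ctx.Locale.Tr "repo.pulls.view"}}</a>
 {{else}}
-<a href="{{Escape $.RepoLink}}/pulls/{{.PullRequest.Issue.Index}}" class="ui button primary show-form">{{svg "octicon-git-pull-request" 16}} {{ctx.Locale.Tr "repo.pulls.view"}}</a>
+<a href="{{$.RepoLink}}/pulls/{{.PullRequest.Issue.Index}}" class="ui button primary show-form">{{svg "octicon-git-pull-request" 16}} {{ctx.Locale.Tr "repo.pulls.view"}}</a>
 {{end}}
 </div>
 </div>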

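--- a/templates/repo/editor/commit_form.tmpl
+++ b/templates/repo/editor/commit_form.tmpl
@@ -26,7 +26,7 @@
 <input type="radio" class="js-quick-pull-choice-option" name="commit_choice" value="direct" button_text="{{ctx.Locale.Tr "repo.editor.commit_changes"}}" {{if eq .commit_choice "direct"}}checked{{end}}>
 <label>
 {{svg "octicon-git-commit"}}
-{{ctx.Locale.Tr "repo.editor.commit_directly_to_this_branch" (.BranchName|Escape)}}
+{{ctx.Locale.Tr "repo.editor.commit_directly_to_this_branch" .BranchName}}
 {{if not .CanCommitToBranch.CanCommitToBranch}}
 <div class="ui visible small warning message">
 {{ctx.Locale.Tr "repo.editor.no_commit_to_branch"}}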

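--- a/templates/repo/issue/card.tmpl
+++ b/templates/repo/issue/card.tmpl
@@ -23,11 +23,11 @@
 {{if not $.Page.Repository}}{{.Repo.FullName}}{{end}}#{{.Index}}
 {{$timeStr := TimeSinceUnix .GetLastEventTimestamp ctx.Locale}}
 {{if .OriginalAuthor}}
-{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr (.OriginalAuthor|Escape)}}
+{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr .OriginalAuthor}}
 {{else if gt .Poster.ID 0}}
-{{ctx.Locale.Tr .GetLastEventLabel $timeStr (.Poster.HomeLink|Escape) (.Poster.GetDisplayName | Escape)}}
+{{ctx.Locale.Tr .GetLastEventLabel $timeStr .Poster.HomeLink .Poster.GetDisplayName}}
 {{else}}
-{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr (.Poster.GetDisplayName | Escape)}}
+{{ctx.Locale.Tr .GetLastEventLabelFake $timeStr .Poster.GetDisplayName}}
 {{end}}
 </span>
 </div>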

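--- a/templates/repo/issue/new_form.tmpl
+++ b/templates/repo/issue/new_form.tmpl
@@ -13,7 +13,7 @@
 <div class="field">
 <input name="title" id="issue_title" placeholder="{{ctx.Locale.Tr "repo.milestones.title"}}" value="{{if .TitleQuery}}{{.TitleQuery}}{{else if .IssueTemplateTitle}}{{.IssueTemplateTitle}}{{else}}{{.title}}{{end}}" autofocus required maxlength="255" autocomplete="off">
 {{if .PageIsComparePull}}
-<div class="title_wip_desc" data-wip-prefixes="{{JsonUtils.EncodeToString .PullRequestWorkInProgressPrefixes}}">{{ctx.Locale.Tr "repo.pulls.title_wip_desc" (index .PullRequestWorkInProgressPrefixes 0| Escape)}}</div>
+<div class="title_wip_desc" data-wip-prefixes="{{JsonUtils.EncodeToString .PullRequestWorkInProgressPrefixes}}">{{ctx.Locale.Tr "repo.pulls.title_wip_desc" (index .PullRequestWorkInProgressPrefixes 0)}}</div>
 {{end}}
 </div>
 {{if .Fields}}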
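Review bot: `(index .PullRequestWorkInProgressPrefixes 0)` on new line 16 aborts template execution when the slice is empty, and no length guard is visible in the hunk. Unless the handler guarantees at least one prefix (not shown here), wrap the `title_wip_desc` div in `{{if .PullRequestWorkInProgressPrefixes}}` … `{{end}}` so an empty configuration yields a page without the hint rather than a render error. The enclosing `{{if .PageIsComparePull}}` block is inside the hunk, but the surrounding form is not.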

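--- a/templates/repo/issue/view_content.tmpl
+++ b/templates/repo/issue/view_content.tmpl
@@ -28,18 +28,18 @@
 {{.Issue.OriginalAuthor}}
 </span>
 <span class="text grey muted-links">
-{{ctx.Locale.Tr "repo.issues.commented_at" (.Issue.HashTag|Escape) $createdStr}}
+{{ctx.Locale.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr}}
 </span>
 <span class="text migrate">
-{{if .Repository.OriginalURL}} ({{ctx.Locale.Tr "repo.migrated_from" (.Repository.OriginalURL|Escape) (.Repository.GetOriginalURLHostname|Escape)}}){{end}}
+{{if .Repository.OriginalURL}} ({{ctx.Locale.Tr "repo.migrated_from" .Repository.OriginalURL .Repository.GetOriginalURLHostname}}){{end}}
 </span>
 {{else}}
 <a class="inline-timeline-avatar" href="{{.Issue.Poster.HomeLink}}">
 {{ctx.AvatarUtils.Avatar .Issue.Poster 24}}
 </a>
 <span class="text grey muted-links">
 {{template "shared/user/authorlink" .Issue.Poster}}
-{{ctx.Locale.Tr "repo.issues.commented_at" (.Issue.HashTag|Escape) $createdStr}}
+{{ctx.Locale.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr}}
 </span>
 {{end}}
 </div>
@@ -133,7 +133,7 @@
 </div>
 {{else}}
 <div class="ui warning message">
-{{ctx.Locale.Tr "repo.issues.sign_in_require_desc" (.SignInLink|Escape)}}
+{{ctx.Locale.Tr "repo.issues.sign_in_require_desc" .SignInLink}}
 </div>
 {{end}}
 {{end}}{{/* end if: .IsSigned */}}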
