Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apostrophe shows as HTML entity when adding user to organization #17362

Closed
jhult opened this issue Oct 19, 2021 · 9 comments · Fixed by #17396
Closed

Apostrophe shows as HTML entity when adding user to organization #17362

jhult opened this issue Oct 19, 2021 · 9 comments · Fixed by #17396
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/bug
Milestone
1.16.0

Comments

@jhult
Copy link
Contributor

jhult commented Oct 19, 2021

Gitea Version

1.15.3

Git Version

2.30.2

Operating System

alpine

How are you running Gitea?

Docker via gitea/gitea:latest-rootless

Database

SQLite

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

Create a user with an apostrophe in their name. Add them to an organization. Notice that the apostrophe is shown as the HTML entity (').

Cannot test on try.gitea.io since I need permissions (which I don't have) to add the user to an organization.

User is coming from an OpenID registry.

Screenshots

No response
@jhult
Copy link
Contributor Author

jhult commented Oct 19, 2021

Related issue: #2122

@zeripath
Copy link
Contributor

zeripath commented Oct 19, 2021
edited
Loading

Able to duplicate at least partially on try.gitea.io https://try.gitea.io/org/testOrf/teams/testorf-test-team:

Screenshot from 2021-10-19 22-26-36

Screenshot from 2021-10-19 22-27-10

Screenshot from 2021-10-19 22-27-33

@zeripath zeripath added the issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented label Oct 19, 2021
@zeripath zeripath added this to the 1.15.5 milestone Oct 19, 2021
@jhult
Copy link
Contributor Author

jhult commented Oct 19, 2021

Thanks @zeripath for confirming.

@zeripath
Copy link
Contributor

@jhult are the two places I've demonstrated the only places where it happens? I.e. it's just in the drop-downs?

@jhult
Copy link
Contributor Author

jhult commented Oct 20, 2021

@zeripath, yes the issue appears to only occur in drop-downs.

@6543 6543 modified the milestones: 1.15.5, 1.15.6 Oct 20, 2021
@zeripath
Copy link
Contributor

Hmm... the problem is:

gitea/modules/convert/user.go

Line 52 in 35b918f

FullName: markup.Sanitize(user.FullName),

This makes the strange assumption that'd we'd want users Full Names to be renderable...

@zeripath
Copy link
Contributor

I'm not sure that we actually allow this.

@wxiaoguang wxiaoguang linked a pull request Oct 23, 2021 that will close this issue
Stop sanitizing full name in API #17396
Merged
@wxiaoguang
Copy link
Contributor

Can this issue be closed? The PR is merged.

@zeripath
Copy link
Contributor

I don't think we can backport the fixing PR as it's technically breaking. Therefore I'm removing this from 1.15.6 milestone and moving it to 1.16

@zeripath zeripath modified the milestones: 1.15.6, 1.16.0 Oct 24, 2021
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/bug
Projects
None yet
Milestone
1.16.0
Development

Successfully merging a pull request may close this issue.

Stop sanitizing full name in API zeripath/gitea
5 participants
@techknowlogick @zeripath @wxiaoguang @jhult @6543