Skip to content

Commit

Permalink
Use "Safe" modifier for manually constructed safe HTML strings in tem…
Browse files Browse the repository at this point in the history
…plates (go-gitea#29227)

Follow go-gitea#29165. These HTML strings are safe to be rendered directly, to
avoid double-escaping.
  • Loading branch information
wxiaoguang authored and silverwind committed Feb 20, 2024
1 parent d2c724f commit 15278e4
Show file tree
Hide file tree
Showing 12 changed files with 15 additions and 15 deletions.
2 changes: 1 addition & 1 deletion templates/admin/packages/list.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@
{{ctx.Locale.Tr "packages.settings.delete"}}
</div>
<div class="content">
{{ctx.Locale.Tr "packages.settings.delete.notice" `<span class="name"></span>` `<span class="dataVersion"></span>` | Safe}}
{{ctx.Locale.Tr "packages.settings.delete.notice" (`<span class="name"></span>`|Safe) (`<span class="dataVersion"></span>`|Safe)}}
</div>
{{template "base/modal_actions_confirm" .}}
</div>
Expand Down
2 changes: 1 addition & 1 deletion templates/admin/repo/list.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@
</div>
<div class="content">
<p>{{ctx.Locale.Tr "repo.settings.delete_desc"}}</p>
{{ctx.Locale.Tr "repo.settings.delete_notices_2" `<span class="name"></span>` | Safe}}<br>
{{ctx.Locale.Tr "repo.settings.delete_notices_2" (`<span class="name"></span>`|Safe)}}<br>
{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}<br>
</div>
{{template "base/modal_actions_confirm" .}}
Expand Down
2 changes: 1 addition & 1 deletion templates/admin/stacktrace.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
{{ctx.Locale.Tr "admin.monitor.process.cancel"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" `<span class="name"></span>` | Safe}}</p>
<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" (`<span class="name"></span>`|Safe)}}</p>
<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_desc"}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
Expand Down
4 changes: 2 additions & 2 deletions templates/org/member/members.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@
{{ctx.Locale.Tr "org.members.leave"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "org.members.leave.detail" `<span class="dataOrganizationName"></span>` | Safe}}</p>
<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|Safe)}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
Expand All @@ -82,7 +82,7 @@
{{ctx.Locale.Tr "org.members.remove"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "org.members.remove.detail" `<span class="name"></span>` `<span class="dataOrganizationName"></span>` | Safe}}</p>
<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|Safe) (`<span class="dataOrganizationName"></span>`|Safe)}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
Expand Down
2 changes: 1 addition & 1 deletion templates/org/team/members.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@
{{ctx.Locale.Tr "org.members.remove"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "org.members.remove.detail" `<span class="name"></span>` `<span class="dataTeamName"></span>` | Safe}}</p>
<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|Safe) (`<span class="dataTeamName"></span>`|Safe)}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
Expand Down
2 changes: 1 addition & 1 deletion templates/org/team/sidebar.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@
{{ctx.Locale.Tr "org.teams.leave"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "org.teams.leave.detail" `<span class="name"></span>` | Safe}}</p>
<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|Safe)}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
2 changes: 1 addition & 1 deletion templates/org/team/teams.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
{{ctx.Locale.Tr "org.teams.leave"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "org.teams.leave.detail" `<span class="name"></span>` | Safe}}</p>
<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|Safe)}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
Expand Down
4 changes: 2 additions & 2 deletions templates/repo/commit_page.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@
{{.CsrfTokenHtml}}
<div class="field">
<label>
{{ctx.Locale.Tr "repo.branch.new_branch_from" `<span class="text" id="modal-create-branch-from-span"></span>` | Safe}}
{{ctx.Locale.Tr "repo.branch.new_branch_from" (`<span class="text" id="modal-create-branch-from-span"></span>`|Safe)}}
</label>
</div>
<div class="required field">
Expand All @@ -113,7 +113,7 @@
<input type="hidden" name="create_tag" value="true">
<div class="field">
<label>
{{ctx.Locale.Tr "repo.tag.create_tag_from" `<span class="text" id="modal-create-tag-from-span"></span>` | Safe}}
{{ctx.Locale.Tr "repo.tag.create_tag_from" (`<span class="text" id="modal-create-tag-from-span"></span>`|Safe)}}
</label>
</div>
<div class="required field">
Expand Down
4 changes: 2 additions & 2 deletions templates/repo/issue/view_content/comments.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -112,9 +112,9 @@
{{template "shared/user/authorlink" .Poster}}
{{$link := printf "%s/commit/%s" $.Repository.Link ($.Issue.PullRequest.MergedCommitID|PathEscape)}}
{{if eq $.Issue.PullRequest.Status 3}}
{{ctx.Locale.Tr "repo.issues.comment_manually_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID)) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape)) $createdStr | Safe}}
{{ctx.Locale.Tr "repo.issues.comment_manually_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID) | Safe) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape) | Safe) $createdStr}}
{{else}}
{{ctx.Locale.Tr "repo.issues.comment_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID)) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape)) $createdStr | Safe}}
{{ctx.Locale.Tr "repo.issues.comment_pull_merged_at" (printf `<a class="ui sha" href="%[1]s"><b>%[2]s</b></a>` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID) | Safe) (printf "<b>%[1]s</b>" ($.BaseTarget|Escape) | Safe) $createdStr}}
{{end}}
</span>
</div>
Expand Down
2 changes: 1 addition & 1 deletion templates/repo/issue/view_content/pull.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
{{ctx.Locale.Tr "repo.pulls.merged_success"}}
</h3>
<div class="merge-section-info">
{{ctx.Locale.Tr "repo.pulls.merged_info_text" (printf "<code>%s</code>" (.HeadTarget | Escape)) | Str2html}}
{{ctx.Locale.Tr "repo.pulls.merged_info_text" (printf "<code>%s</code>" (.HeadTarget | Escape) | Safe)}}
</div>
</div>
<div class="item-section-right">
Expand Down
2 changes: 1 addition & 1 deletion templates/repo/settings/webhook/settings.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,7 @@
<label for="authorization_header">{{ctx.Locale.Tr "repo.settings.authorization_header"}}</label>
<input id="authorization_header" name="authorization_header" type="text" value="{{.Webhook.HeaderAuthorization}}"{{if eq .HookType "matrix"}} placeholder="Bearer $access_token" required{{end}}>
{{if ne .HookType "matrix"}}{{/* Matrix doesn't make the authorization optional but it is implied by the help string, should be changed.*/}}
<span class="help">{{ctx.Locale.Tr "repo.settings.authorization_header_desc" "<code>Bearer token123456</code>, <code>Basic YWxhZGRpbjpvcGVuc2VzYW1l</code>" | Str2html}}</span>
<span class="help">{{ctx.Locale.Tr "repo.settings.authorization_header_desc" ("<code>Bearer token123456</code>, <code>Basic YWxhZGRpbjpvcGVuc2VzYW1l</code>" | Safe)}}</span>
{{end}}
</div>

Expand Down
2 changes: 1 addition & 1 deletion templates/user/settings/organization.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@
{{ctx.Locale.Tr "org.members.leave"}}
</div>
<div class="content">
<p>{{ctx.Locale.Tr "org.members.leave.detail" `<span class="dataOrganizationName"></span>` | Safe}}</p>
<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|Safe)}}</p>
</div>
{{template "base/modal_actions_confirm" .}}
</div>
Expand Down

0 comments on commit 15278e4

Please sign in to comment.