domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Basic xss prevention

Browse source
This commit is contained in:
Unknwon 2014-10-04 17:15:22 -04:00
parent 6a79b76531
commit 263d409326
6 changed files with 57 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

5
models/repo.go
View file

@ -23,6 +23,7 @@ import (
"github.com/Unknwon/cae/zip"
"github.com/Unknwon/com"
"github.com/gogits/gogs/modules/base"
"github.com/gogits/gogs/modules/git"
"github.com/gogits/gogs/modules/log"
"github.com/gogits/gogs/modules/process"
@ -48,7 +49,7 @@ var (
)
var (
DescriptionPattern = regexp.MustCompile(`https?://\S+`)
DescPattern = regexp.MustCompile(`https?://\S+`)
)
func LoadRepoConfig() {
@ -181,7 +182,7 @@ func (repo *Repository) DescriptionHtml() template.HTML {
ss := html.EscapeString(s)
return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
}
return template.HTML(DescriptionPattern.ReplaceAllStringFunc(repo.Description, sanitize))
return template.HTML(DescPattern.ReplaceAllStringFunc(base.XSSString(repo.Description), sanitize))
}
// IsRepositoryExist returns true if the repository with given name under user has already existed.