domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Escape the commit message on issues update and title in telegram hook (#6901)

Browse source
This commit is contained in:
zeripath 2019-05-10 18:48:28 +01:00 committed by techknowlogick
parent 10ff527fae
commit d64a646c0a
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
models/webhook_telegram.go
View file

@ -7,6 +7,7 @@ package models
import (
"encoding/json"
"fmt"
"html"
"strings"
"code.gitea.io/gitea/modules/git"
@ -169,7 +170,7 @@ func getTelegramIssuesPayload(p *api.IssuePayload) (*TelegramPayload, error) {
func getTelegramIssueCommentPayload(p *api.IssueCommentPayload) (*TelegramPayload, error) {
url := fmt.Sprintf("%s/issues/%d#%s", p.Repository.HTMLURL, p.Issue.Index, CommentHashTag(p.Comment.ID))
title := fmt.Sprintf(`<a href="%s">#%d %s</a>`, url, p.Issue.Index, p.Issue.Title)
title := fmt.Sprintf(`<a href="%s">#%d %s</a>`, url, p.Issue.Index, html.EscapeString(p.Issue.Title))
var text string
switch p.Action {
case api.HookIssueCommentCreated: