Description
Hello gitea,
I'm a codeberg user. Lately I found that for formfeeds ('\f') an inappropriate warning is shown on top of the code, plus the formfeed characters are hidden behind a warning icon (see [https://codeberg.org/Foxglove/tileserver/src/branch/main/tileserver.pl]). Thus hiding the character warned of, making the decision in favour of that piece of source code a lot harder.
I now learned that codeberg is "following upstream and will never fork", plus the code that does the inappropriate warning and the information-hiding is part of gitea.
Why I consider this a bug
Although this might install some false feeling of security in the faint of heart (and/or badly informed), it will for the most part shy away those people, rendering publishing of source code on codeberg (through gitea) useless for me and maybe others.
Imagine the emacs people would resort to host one of the oldest and most active open source projects through gitea:
••• sebastian@terra:/home/sebastian/develop/ext/emacs [master]
⤷ grep -lPr '\f' lisp | wc -l | xargs echo "Files with warnings: "
Files with warnings: 474
••• sebastian@terra:/home/sebastian/develop/ext/emacs [master]
⤷ grep -Pr '\f' lisp | wc -l | xargs echo "Icons to click: "
Icons to click: 4273
Is there a possibility to get rid of the faulty code, or complement it with some sensible test for attack vectors?
Best wishes,
- Sebastian
Gitea Version
Current codeberg's version (as of 2023-06-05)
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
Git Version
No response
Operating System
No response
How are you running Gitea?
I'm a codeberg user, and was told the warning is produced in gitea (https://codeberg.org/Codeberg/Community/issues/1030#issuecomment-929035)
Database
None