Improve HTML escaping helper #12562

Merged: zeripath merged 1 commit into go-gitea:release/v1.12 from silverwind:backport-12383 on Aug 22, 2020

Conversation

@silverwind
Member

Backport of #12383 to 1.12.

The previous method did not escape single quotes, which under some
circumstances can lead to XSS vulnerabilities, and the fact that it
depends on jQuery is also not ideal. Replace it with a lightweight
module.
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Aug 22, 2020
@zeripath zeripath added this to the 1.12.4 milestone Aug 22, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Aug 22, 2020
@zeripath zeripath merged commit ee5e5a5 into go-gitea:release/v1.12 Aug 22, 2020
@silverwind silverwind deleted the backport-12383 branch August 22, 2020 13:10
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
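
The PR description says the previous helper left single quotes unescaped. The following is an added example, not code from Gitea or from this PR: it compares a text-node-style escaper (an assumed stand-in for a jQuery/DOM round trip) with an escaper that also covers quotes, using a constructed value placed in a single-quoted attribute. All function names and the sample input are hypothetical.

```javascript
// Added illustration; not Gitea's code. All names here are hypothetical.

// Stand-in for a DOM/jQuery text-node round trip: HTML serialization of a
// text node escapes only &, < and >, so quote characters pass through as-is.
function textNodeStyleEscape(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Dependency-free escaper that also covers both quote characters, so the
// output stays inert inside single- or double-quoted attribute values.
const ENTITIES = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Template that interpolates a value into a single-quoted attribute.
function renderLink(escape, title) {
  return `<a title='${escape(title)}'>link</a>`;
}

// Minimal scanner over the opening tag: lists the quoted attributes a parser
// would see, which reveals whether the value broke out of its attribute.
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf('>') + 1);
  const names = [];
  const re = /([\w-]+)\s*=\s*(?:'[^']*'|"[^"]*")/g;
  let m;
  while ((m = re.exec(openTag)) !== null) names.push(m[1]);
  return names;
}

// Constructed sample input: benign, but contains single quotes.
const SAMPLE = "O'Reilly' data-injected='1";

// Quotes left alone: the value ends the attribute early and adds a second one.
console.log(attributeNames(renderLink(textNodeStyleEscape, SAMPLE)));
// Quotes escaped: the whole value stays inside the title attribute.
console.log(attributeNames(renderLink(escapeHtml, SAMPLE)));
```
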
Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug

4 participants