tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-10-31 19:38:23 +00:00
Code Releases Activity

Security: prevent XSS attach on wiki page

Browse Source 
Reported by Miguel Ángel Jimeno.
This commit is contained in:
Unknwon
2017-02-15 18:05:02 -05:00
committed by Kim "BKC" Carlbäcker
parent 43c94d0a6c
commit 134f3e6e09
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/templates/helper.go
View File

@@ -15,6 +15,7 @@ import (
"strings"
"time"
"github.com/microcosm-cc/bluemonday"
"golang.org/x/net/html/charset"
"golang.org/x/text/transform"
"gopkg.in/editorconfig/editorconfig-core-go.v1"
@@ -61,6 +62,7 @@ func NewFuncMap() []template.FuncMap {
},
"AvatarLink": base.AvatarLink,
"Safe": Safe,
"Sanitize": bluemonday.UGCPolicy().Sanitize,
"Str2html": Str2html,
"TimeSince": base.TimeSince,
"RawTimeSince": base.RawTimeSince,