tdsds.com/gitea
tdsds.com
/
gitea
mirror of https://github.com/go-gitea/gitea
1
1
Fork 0
Code Releases Activity

Stop sanitizing full name in API (#17396) 

The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
zeripath 2021-10-22 08:17:35 +01:00 committed by GitHub
parent 23d36929bc
commit af96286f22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/convert/user.go
View File

@ -6,7 +6,6 @@ package convert
import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/markup"
api "code.gitea.io/gitea/modules/structs"
)
@ -49,7 +48,7 @@ func toUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
ID: user.ID,
UserName: user.Name,
FullName: markup.Sanitize(user.FullName),
FullName: user.FullName,
Email: user.GetEmail(),
AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(),