Escape more things that are passed through str2html (#12622)

* Escape more things that are passed through str2html Signed-off-by: Andrew Thornton <art27@cantab.net> * Bloody editors! Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Update routers/user/oauth.go Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2025-07-28 13:18:37 +00:00 · 2020-08-28 05:37:05 +01:00
parent cbc60f5c70
commit d3b5edacb6
7 changed files with 18 additions and 17 deletions
--- a/templates/repo/settings/protected_branch.tmpl
+++ b/templates/repo/settings/protected_branch.tmpl
@@ -5,7 +5,7 @@
 	<div class="ui container">
 		{{template "base/alert" .}}
 		<h4 class="ui top attached header">
-			{{.i18n.Tr "repo.settings.branch_protection" .Branch.BranchName | Str2html}}
+			{{.i18n.Tr "repo.settings.branch_protection" (.Branch.BranchName|Escape) | Str2html}}
 		</h4>
 		<div class="ui attached segment branch-protection">
 			<form class="ui form" action="{{.Link}}" method="post">