mirror of https://github.com/go-gitea/gitea synced 2024-12-27 02:54:27 +00:00
gitea/templates/repo/wiki/revision.tmpl
6543 4435d8a4b6
Fix XSS vulnerabilities (#29336)
- The Wiki page did not sanitize author name
- the reviewer name on a "dismiss review" comment is also affected
- the migration page has some spots

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: jolheiser <john.olheiser@gmail.com>
2024-02-22 23:37:21 +01:00

41 lines
1.4 KiB
Handlebars

{{/* Wiki page revision history: renders the page title, the last-commit line for the page, the clone panel, and the paginated list of commits. */}}
{{template "base/head" .}}
<div role="main" aria-label="{{.Title}}" class="page-content repository wiki revisions">
{{template "repo/header" .}}
{{$title := .title}}
<div class="ui container">
<div class="ui stackable grid">
<div class="ui eight wide column">
<div class="ui header">
{{/* .RepoLink, .PageURL, .revision and $title are emitted without Safe, so they stay subject to the template engine's own escaping (presumably html/template contextual escaping; confirm against the renderer setup). */}}
<a class="file-revisions-btn ui basic button" title="{{ctx.Locale.Tr "repo.wiki.back_to_wiki"}}" href="{{.RepoLink}}/wiki/{{.PageURL}}"><span>{{.revision}}</span> {{svg "octicon-home"}}</a>
{{$title}}
<div class="ui sub header gt-word-break">
{{$timeSince := TimeSince .Author.When ctx.Locale}}
{{/* SECURITY: the trailing "| Safe" marks the whole translated string as trusted HTML, so nothing interpolated into it is escaped afterwards. .Author.Name is taken from the wiki commit (presumably git author metadata, which a contributor controls), so it must go through Escape before being passed to Tr. Do not drop the Escape while Safe is still applied. */}}
{{/* NOTE(review): $timeSince is interpolated without Escape; presumably TimeSince returns server-built markup. Confirm. The locale string for repo.wiki.last_commit_info is rendered as HTML as well, so translations are treated as trusted input here. */}}
{{ctx.Locale.Tr "repo.wiki.last_commit_info" (.Author.Name | Escape) $timeSince | Safe}}
</div>
</div>
</div>
<div class="ui eight wide column text right">
<div class="ui action small input" id="clone-panel">
{{template "repo/clone_buttons" .}}
{{template "repo/clone_script" .}}
</div>
</div>
</div>
<h2 class="ui top header">{{ctx.Locale.Tr "repo.wiki.wiki_page_revisions"}}</h2>
<div class="gt-mt-4">
<h4 class="ui top attached header">
<div class="ui stackable grid">
<div class="sixteen wide column">
{{.CommitCount}} {{ctx.Locale.Tr "repo.commits.commits"}}
</div>
</div>
</h4>
{{/* Render the commit list only when .Commits is non-empty and the count is positive; pagination is rendered either way. */}}
{{if and .Commits (gt .CommitCount 0)}}
{{template "repo/commits_list" .}}
{{end}}
{{template "base/paginate" .}}
</div>
</div>
</div>
{{template "base/footer" .}}