mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-22 12:54:53 -05:00
Fix escaping issue in diff (#14153)
Ensure that linecontent is escaped before passing to template.HTML Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
5a1ccacac7
commit
236e70f135
1 changed files with 3 additions and 4 deletions
|
@ -10,6 +10,7 @@ import (
|
|||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"html"
|
||||
"html/template"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
|
@ -164,9 +165,9 @@ func getDiffLineSectionInfo(treePath, line string, lastLeftIdx, lastRightIdx int
|
|||
// escape a line's content or return <br> needed for copy/paste purposes
|
||||
func getLineContent(content string) string {
|
||||
if len(content) > 0 {
|
||||
return content
|
||||
return html.EscapeString(content)
|
||||
}
|
||||
return "\n"
|
||||
return "<br>"
|
||||
}
|
||||
|
||||
// DiffSection represents a section of a DiffFile.
|
||||
|
@ -357,8 +358,6 @@ func (diffSection *DiffSection) GetComputedInlineDiffFor(diffLine *DiffLine) tem
|
|||
diffRecord := diffMatchPatch.DiffMain(highlight.Code(diffSection.FileName, diff1[1:]), highlight.Code(diffSection.FileName, diff2[1:]), true)
|
||||
diffRecord = diffMatchPatch.DiffCleanupEfficiency(diffRecord)
|
||||
|
||||
diffRecord = diffMatchPatch.DiffCleanupEfficiency(diffRecord)
|
||||
|
||||
return diffToHTML(diffSection.FileName, diffRecord, diffLine.Type)
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue