1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-27 09:11:53 -05:00
forgejo/templates
Gusted 4fdd0ed728
[SECURITY] Fix XSS in dismissed review
- It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
- Pass `$reviewerName` trough `Escape`.

(cherry picked from commit fe2df46d05)

Conflicts:
	templates/repo/issue/view_content/comments.tmpl
	trivial context conflict
2024-02-22 22:44:22 +01:00
..
admin [BRANDING] define the forgejo webhook type 2023-08-21 07:22:16 +02:00
api/packages/pypi Remove incorrect HTML self close tag (#23748) 2023-03-27 18:05:51 +02:00
base [BRANDING] link to forgejo.org/docs instead of docs.gitea.io 2023-07-17 00:25:56 +02:00
code Use data-tooltip-content for tippy tooltip (#23649) 2023-03-24 18:35:38 +08:00
custom Add footer extra links template (#9576) 2020-01-03 20:41:56 +02:00
devtest Make "cancel" buttons have proper type in modal forms (#25618) (#25641) 2023-07-03 17:09:38 +08:00
explore Fix incorrect sort link with .profile repository (#26374) (#26379) 2023-08-21 07:22:18 +02:00
mail Remove incorrect HTML self close tag (#23748) 2023-03-27 18:05:51 +02:00
org Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
package RPM Registry: Show zypper commands for SUSE based distros as well (#25981) (#26020) 2023-07-24 07:59:10 +02:00
projects Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
repo [SECURITY] Fix XSS in dismissed review 2024-02-22 22:44:22 +01:00
shared [BRANDING] gitea logo for gitea webhooks 2023-09-01 11:56:05 +02:00
status Show OAuth2 errors to end users (#25261) (#25271) 2023-06-15 02:48:36 +00:00
swagger [BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP 2023-11-14 13:17:12 +01:00
user Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
home.tmpl Improve home page template, fix Sort dropdown menu flash (#23856) 2023-04-01 13:47:54 +08:00
install.tmpl Remove duplicated button in Install web page (#27941) 2023-11-14 13:17:12 +01:00
post-install.tmpl [BRANDING] Custom loading animation for Forgejo 2023-07-17 00:25:55 +02:00