forgejo/templates/repo
Gusted 4fdd0ed728
[SECURITY] Fix XSS in dismissed review
- It's possible for reviews to not be associated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus need to be properly escaped.
- Pass `$reviewerName` through `Escape`.

(cherry picked from commit fe2df46d05)

Conflicts:
	templates/repo/issue/view_content/comments.tmpl
	trivial context conflict
2024-02-22 22:44:22 +01:00
actions Actions list enhancements (#25601) (#25678) 2023-07-04 13:00:34 +00:00
branch Several fixes for mobile UI (#25634) (#25689) 2023-07-07 00:34:00 +02:00
cite Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
diff Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790) 2023-09-08 08:09:18 +02:00
editor Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
find Refactor hiding-methods, remove jQuery show/hide, remove `.hide` class, remove inline style=display:none (#22950) 2023-02-19 12:06:14 +08:00
graph Improve commit graph alignment and truncating (#26112) (#26127) 2023-07-26 13:49:15 +02:00
issue [SECURITY] Fix XSS in dismissed review 2024-02-22 22:44:22 +01:00
migrate [SECURITY] review(kn4ck3r): more template escapes 2024-02-22 22:33:06 +01:00
projects Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
pulls Don't stack PR tab menu on small screens (#25789) 2023-08-18 15:40:21 +02:00
release Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
settings [SECURITY] review(kn4ck3r): more template escapes 2024-02-22 22:33:06 +01:00
tag RSS icon fixes (#24476) 2023-05-10 22:27:02 +00:00
wiki [SECURITY] Fix XSS in wiki last commit information 2024-02-22 22:36:14 +01:00
activity.tmpl Fix UI on mobile view (#25315) (#25340) 2023-06-18 13:02:41 +00:00
blame.tmpl Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
branch_dropdown.tmpl Make Issue/PR/projects more compact, misc CSS tweaks (#24459) 2023-05-03 17:58:59 -04:00
clone_buttons.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
clone_script.tmpl Rework button coloring, add focus and active colors (#24507) 2023-05-29 12:45:22 +00:00
commit_page.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
commit_status.tmpl Make pending commit status yellow again (#25935) (#25968) 2023-07-24 07:58:56 +02:00
commit_statuses.tmpl Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
commits.tmpl Fix some UI alignments (#25277) (#25290) 2023-06-16 00:32:59 +00:00
commits_list.tmpl Several fixes for mobile UI (#25634) (#25689) 2023-07-07 00:34:00 +02:00
commits_list_small.tmpl Use flex to align SVG and text (#25163) (#25260) 2023-06-14 13:21:48 -04:00
commits_table.tmpl Fix commit compare style (#26209) (#26226) 2023-07-30 07:46:19 +02:00
create.tmpl Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
create_helper.tmpl Add templates to customize text when creating and migrating repositories 2023-01-24 22:36:48 -05:00
empty.tmpl Fix UI on mobile view (#25315) (#25340) 2023-06-18 13:02:41 +00:00
file_info.tmpl Show if File is Executable (#25287) (#25300) 2023-06-16 09:29:26 +00:00
forks.tmpl Remove fomantic ".link" selector and styles (#23888) 2023-04-03 20:47:23 -04:00
graph.tmpl Replace remaining fontawesome dropdown icons with SVG (#24455) 2023-05-01 05:35:02 -04:00
header.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
home.tmpl Hide `add file` button for pull mirrors (#25748) (#25751) 2023-07-07 14:12:59 +00:00
icon.tmpl Move helpers to be prefixed with `gt-` (#22879) 2023-02-13 17:59:59 +00:00
packages.tmpl Add main landmark to templates and adjust titles (#22670) 2023-02-01 22:56:10 +00:00
release_tag_header.tmpl Fix incorrect release count (#25879) (#25887) 2023-07-14 09:32:43 +00:00
search.tmpl Use data-tooltip-content for tippy tooltip (#23649) 2023-03-24 18:35:38 +08:00
search_name.tmpl Clean template/helper.go (#23922) 2023-04-07 03:31:41 -04:00
shabox_badge.tmpl Fix shabox regression (#22924) 2023-02-16 09:37:11 +08:00
sub_menu.tmpl Fix tags header and pretty format numbers (#25624) (#25694) 2023-07-05 07:08:16 +00:00
unicode_escape_prompt.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
upload.tmpl Refactor `i18n` to `locale` (#20153) 2022-06-27 15:58:46 -05:00
user_cards.tmpl Change `join_on` translation to `joined_on` and include placeholder for the date (#24550) 2023-05-06 18:10:30 +08:00
view_file.tmpl Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
view_list.tmpl Various UI fixes (#25264) (#25431) 2023-06-22 10:19:38 +00:00
watchers.tmpl Fix user-cards format (#24428) 2023-04-29 15:43:01 -04:00