mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity
forgejo/templates/repo/issue/view_content
History
Gusted 4fdd0ed728
[SECURITY] Fix XSS in dismissed review 
- It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
- Pass `$reviewerName` trough `Escape`.

(cherry picked from commit fe2df46d05)

Conflicts:
	templates/repo/issue/view_content/comments.tmpl
	trivial context conflict
 		2024-02-22 22:44:22 +01:00
..
add_reaction.tmpl Improve and fix bugs surrounding reactions (#24760) 2023-05-28 01:34:18 +00:00
attachments.tmpl
comments.tmpl [SECURITY] Fix XSS in dismissed review 2024-02-22 22:44:22 +01:00
comments_delete_time.tmpl
context_menu.tmpl Fix duplicated url prefix on issue context menu (#26066) (#26067) 2023-07-24 07:59:10 +02:00
pull.tmpl Use flex to align SVG and text (#25163) (#25260) 2023-06-14 13:21:48 -04:00
pull_merge_instruction.tmpl
reactions.tmpl Improve and fix bugs surrounding reactions (#24760) 2023-05-28 01:34:18 +00:00
reference_issue_dialog.tmpl
sidebar.tmpl Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
update_branch_by_merge.tmpl Use flex to align SVG and text (#25163) (#25260) 2023-06-14 13:21:48 -04:00