mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity
forgejo/templates
History
Gusted 4fdd0ed728
[SECURITY] Fix XSS in dismissed review 
- It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
- Pass `$reviewerName` trough `Escape`.

(cherry picked from commit fe2df46d05)

Conflicts:
	templates/repo/issue/view_content/comments.tmpl
	trivial context conflict
 		2024-02-22 22:44:22 +01:00
..
admin [BRANDING] define the forgejo webhook type 2023-08-21 07:22:16 +02:00
api/packages/pypi
base
code
custom
devtest
explore Fix incorrect sort link with `.profile` repository (#26374) (#26379) 2023-08-21 07:22:18 +02:00
mail
org Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
package
projects Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
repo [SECURITY] Fix XSS in dismissed review 2024-02-22 22:44:22 +01:00
shared [BRANDING] gitea logo for gitea webhooks 2023-09-01 11:56:05 +02:00
status
swagger [BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP 2023-11-14 13:17:12 +01:00
user Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
home.tmpl
install.tmpl Remove duplicated button in Install web page (#27941) 2023-11-14 13:17:12 +01:00
post-install.tmpl