Fix escaping issue in diff #14153

Merged
merged 1 commit into from
Dec 26, 2020

zeripath
Contributor

Ensure that linecontent is escaped before passing to template.HTML

Signed-off-by: Andrew Thornton <art27@cantab.net>
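
The description above rests on one property of Go's html/template: a value of type template.HTML is written out without auto-escaping, so untrusted text has to be escaped before the conversion. The following is an added example, not code from this PR or from Gitea; the row template, the function names and the sample diff line are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html"
	"html/template"
)

// rowTmpl is a constructed stand-in for a diff-row template, not Gitea's own.
var rowTmpl = template.Must(template.New("row").Parse(
	`<td class="lines-code"><code>{{.}}</code></td>`))

// render executes the row template with the given content value.
func render(content interface{}) string {
	var buf bytes.Buffer
	if err := rowTmpl.Execute(&buf, content); err != nil {
		panic(err)
	}
	return buf.String()
}

// unsafeLine shows the risky pattern: raw line content is converted to
// template.HTML, which tells html/template to skip auto-escaping.
func unsafeLine(lineContent string) template.HTML {
	return template.HTML(lineContent)
}

// safeLine escapes the untrusted line content first; the wrapping span
// (hypothetical highlighting markup) is the only HTML that is trusted.
func safeLine(lineContent string) template.HTML {
	return template.HTML(`<span class="add">` +
		html.EscapeString(lineContent) + `</span>`)
}

func main() {
	// Constructed sample: a diff line whose text happens to contain HTML.
	line := `+<script>alert(1)</script>`
	fmt.Println(render(line))             // plain string: the template escapes it
	fmt.Println(render(unsafeLine(line))) // template.HTML: emitted verbatim
	fmt.Println(render(safeLine(line)))   // escaped before wrapping: inert text
}
```

The plain-string case is included to show that the template's own escaping only applies while the value is still a string; once code needs to add trusted markup around the content, the escaping has to be done explicitly as in `safeLine`.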

@zeripath added this to the 1.14.0 milestone Dec 26, 2020
@zeripath added the backport/v1.13 and backport/done (All backports for this PR have been created) labels Dec 26, 2020
@GiteaBot added the lgtm/need 1 (This PR needs approval from one additional maintainer to be merged.) label Dec 26, 2020
@codecov-io

Codecov Report

Merging #14153 (35b5885) into master (a19447a) will decrease coverage by 0.06%.
The diff coverage is 39.72%.


@@            Coverage Diff             @@
##           master   #14153      +/-   ##
==========================================
- Coverage   42.36%   42.29%   -0.07%     
==========================================
  Files         727      727              
  Lines       77931    77999      +68     
==========================================
- Hits        33013    32990      -23     
- Misses      39513    39605      +92     
+ Partials     5405     5404       -1     
| Impacted Files | Coverage Δ |
|---|---|
| routers/user/setting/keys.go | 11.11% <13.33%> (+0.31%) ⬆️ |
| routers/api/v1/user/key.go | 53.39% <28.57%> (-1.25%) ⬇️ |
| models/ssh_key.go | 46.47% <48.97%> (+0.17%) ⬆️ |
| services/gitdiff/gitdiff.go | 68.99% <50.00%> (-2.00%) ⬇️ |
| models/unit_tests.go | 41.28% <0.00%> (-33.03%) ⬇️ |
| models/project.go | 18.30% <0.00%> (-28.17%) ⬇️ |
| models/unit.go | 41.09% <0.00%> (-5.48%) ⬇️ |
| modules/charset/charset.go | 73.03% <0.00%> (-2.25%) ⬇️ |
| modules/queue/unique_queue_disk_channel.go | 53.84% <0.00%> (-1.54%) ⬇️ |
| ... and 6 more | |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5a1ccac...35b5885.

@GiteaBot added lgtm/done (This PR has enough approvals to get merged. There are no important open reservations anymore.) and removed lgtm/need 1 (This PR needs approval from one additional maintainer to be merged.) labels Dec 26, 2020
@zeripath merged commit 236e70f into go-gitea:master Dec 26, 2020
@zeripath deleted the fix-escaping-issue branch December 26, 2020 21:58
@go-gitea locked and limited conversation to collaborators Feb 11, 2021
@6543 added the topic/security (Something leaks user information or is otherwise vulnerable. Should be fixed!) label Mar 21, 2021
Labels
backport/done (All backports for this PR have been created), lgtm/done (This PR has enough approvals to get merged. There are no important open reservations anymore.), topic/security (Something leaks user information or is otherwise vulnerable. Should be fixed!), type/bug
6 participants