Over-Escaped Wiki Page Title #2872

Closed
2 of 7 tasks
mohammed90 opened this issue Nov 7, 2017 · 1 comment · Fixed by #2956

@mohammed90

  • Gitea version (or commit ref): 61f5c22
  • Git version: 2.7.4
  • Operating system: Linux
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
  • Log gist:

Description

The title of a Wiki page is over-escaped if it contains any special character. It's displayed properly on the main page of the Wiki, here.

Screenshots

gitea wiki overescaped

@lunny lunny added the type/bug label Nov 8, 2017
@lunny lunny added this to the 1.x.x milestone Nov 8, 2017
@makarchuk
Contributor

The problem is the Sanitize call in this line.
It was added 9 months ago, but I don't see why. I removed it and still can't get XSS.
screenshot from 2017-11-19 15-23-39
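
The double escaping discussed in this thread, as an added example that is not Gitea's code or part of either comment. It assumes the title is rendered through Go's `html/template`; `html.EscapeString` stands in for the sanitize call, and the template and function names are hypothetical.

```go
package main

import (
	"fmt"
	"html"
	"html/template"
	"strings"
)

// Hypothetical template standing in for a wiki page header.
var page = template.Must(template.New("wiki").Parse(`<h1>{{.Title}}</h1>`))

// render lets html/template do the only escaping: a plain string placed in
// an HTML text context is entity-escaped by the template engine itself.
func render(title string) string {
	var b strings.Builder
	if err := page.Execute(&b, struct{ Title string }{title}); err != nil {
		panic(err)
	}
	return b.String()
}

// renderPreEscaped mimics the reported behaviour: the title is escaped once
// in the handler (stand-in: html.EscapeString) and then again by the template,
// so the browser displays literal "&amp;" and "&lt;" text.
func renderPreEscaped(title string) string {
	return render(html.EscapeString(title))
}

func main() {
	// Constructed sample titles: one with special characters, one with markup.
	for _, t := range []string{`R&D <draft>`, `<script>alert(1)</script>`} {
		fmt.Println("title:        ", t)
		fmt.Println("pre-escaped:  ", renderPreEscaped(t))
		fmt.Println("template only:", render(t))
	}
}
```

With the extra escaping step removed, the markup title is still emitted as inert text, because the template's contextual escaping already covers the HTML text context.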

@lunny lunny modified the milestones: 1.x.x, 1.4.0 Nov 22, 2017
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020