Fix escaping changed title in comments #3530

Merged
merged 3 commits into from
Feb 18, 2018

lafriks
Member

@lafriks lafriks commented Feb 18, 2018

Fixes #3510
Also adds escaping to label and milestone names in comments

Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
@lafriks lafriks added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Feb 18, 2018
@lafriks lafriks added this to the 1.5.0 milestone Feb 18, 2018
@codecov-io

codecov-io commented Feb 18, 2018

Codecov Report

Merging #3530 into master will increase coverage by 0.08%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3530      +/-   ##
==========================================
+ Coverage   35.65%   35.74%   +0.08%     
==========================================
  Files         283      283              
  Lines       40744    40744              
==========================================
+ Hits        14529    14565      +36     
+ Misses      24069    24021      -48     
- Partials     2146     2158      +12
Impacted Files Coverage Δ
modules/process/manager.go 76.81% <0%> (-4.35%) ⬇️
models/repo_indexer.go 48.3% <0%> (ø) ⬆️
routers/repo/issue.go 33.27% <0%> (+0.52%) ⬆️
models/issue_comment.go 54.73% <0%> (+2.07%) ⬆️
models/issue.go 46.77% <0%> (+2.34%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 96c268c...eb7a223.

@tboerger tboerger added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 18, 2018
@tboerger tboerger added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 18, 2018
Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 18, 2018
@lafriks lafriks merged commit ae30315 into go-gitea:master Feb 18, 2018
@lafriks lafriks deleted the fix/pr_title_escape branch February 18, 2018 20:06
lafriks added a commit to lafriks-fork/gitea that referenced this pull request Feb 18, 2018
* Fix escaping changed title in comments

* Fix escaping of wiki page title

Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
lafriks added a commit to lafriks-fork/gitea that referenced this pull request Feb 18, 2018
* Fix escaping of wiki page title

Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
@lafriks lafriks added the backport/done All backports for this PR have been created label Feb 18, 2018
lunny pushed a commit that referenced this pull request Feb 19, 2018
* Fix escaping of wiki page title

Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
appleboy pushed a commit that referenced this pull request Feb 19, 2018
* Fix escaping changed title in comments

* Fix escaping of wiki page title

Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020
Successfully merging this pull request may close these issues.

XSS in issue and PR titles