HTML-escape plain-text READMEs in previews #4192

Merged
merged 3 commits into from Jun 10, 2018

@nickolas360
Contributor

nickolas360 commented Jun 8, 2018

Previews of plain-text README files are not currently HTML-escaped; this causes issues when READMEs contain characters like < and >, including constructs like Copyright 2018 Example <me@example.com>, which currently renders as Copyright 2018 Example.

This PR ensures that plain-text READMEs are HTML-escaped.
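
The behaviour described above, sketched as an added example that is not code from this PR or from Gitea: the function and template names are hypothetical, and the newline-to-`<br>` step is an assumption about how a plain-text preview is assembled. It shows why the escape has to happen before any preview markup is added.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// previewTmpl stands in for a README preview template (hypothetical name).
// html/template does not escape values typed template.HTML, so the code
// that produces such a value is responsible for escaping it.
var previewTmpl = template.Must(template.New("readme").Parse(
	`<div class="plain-text">{{.}}</div>`))

// unescapedPreview reproduces the reported behaviour: the raw file text is
// marked as trusted HTML after only the newline conversion, so a browser
// parses "<me@example.com>" as an unknown tag and shows nothing for it.
func unescapedPreview(raw string) template.HTML {
	return template.HTML(strings.ReplaceAll(raw, "\n", "<br>"))
}

// escapedPreview escapes the file text first and adds the <br> tags
// afterwards. Reversing the order would escape the <br> tags as well.
func escapedPreview(raw string) template.HTML {
	escaped := template.HTMLEscapeString(raw)
	return template.HTML(strings.ReplaceAll(escaped, "\n", "<br>"))
}

// render executes the template and returns the resulting markup.
func render(content template.HTML) string {
	var sb strings.Builder
	if err := previewTmpl.Execute(&sb, content); err != nil {
		return "render error: " + err.Error()
	}
	return sb.String()
}

func main() {
	// Constructed sample README; the first line is the PR's own example.
	readme := "Copyright 2018 Example <me@example.com>\nUsage: tool <input> [options]"
	fmt.Println("unescaped:", render(unescapedPreview(readme)))
	fmt.Println("escaped:  ", render(escapedPreview(readme)))
}
```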

@codecov-io

codecov-io commented Jun 8, 2018

Codecov Report

Merging #4192 into master will increase coverage by <.01%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master    #4192      +/-   ##
==========================================
+ Coverage   19.96%   19.97%   +<.01%     
==========================================
  Files         153      153              
  Lines       30494    30498       +4     
==========================================
+ Hits         6088     6091       +3     
- Misses      23491    23493       +2     
+ Partials      915      914       -1

| Impacted Files | Coverage Δ | |
|---|---|---|
| routers/repo/view.go | 0% <0%> (ø) | ⬆️ |
| modules/process/manager.go | 73.91% <0%> (+4.34%) | ⬆️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update af57d6a...8eaca6d.

@bkcsoft bkcsoft added the lgtm/need 2 label Jun 8, 2018

@lunny lunny added this to the 1.5.0 milestone Jun 9, 2018

@lunny lunny added the backport/v1.4 label Jun 9, 2018

@bkcsoft bkcsoft added lgtm/need 1 and removed lgtm/need 2 labels Jun 9, 2018

@daviian

daviian requested changes Jun 9, 2018 edited

@nickolas360 Does it really work for you? At least it doesn't work for me. Your example renders as you've described after applying your PR.

@daviian

daviian approved these changes Jun 9, 2018

@bkcsoft bkcsoft added lgtm/done and removed lgtm/need 1 labels Jun 9, 2018

@lafriks

lafriks approved these changes Jun 9, 2018

@lafriks lafriks merged commit 2bb73fe into go-gitea:master Jun 10, 2018

2 checks passed

approvals/lgtm this commit looks good
continuous-integration/drone/pr the build was successful
@lafriks

Member

lafriks commented Jun 10, 2018

@nickolas360 can you please backport this (by cherry-pick 2bb73fe) to release/v1.4?

nickolas360 added a commit to nickolas360/gitea that referenced this pull request Jun 10, 2018

lafriks added a commit that referenced this pull request Jun 19, 2018

aunger added a commit to aunger/gitea that referenced this pull request Jun 21, 2018

@ghost

ghost commented Jun 27, 2018

BTW, it's related to #3903 but fixes only a part of it.
EDIT: I'm talking about markdown escaping.

HoffmannP pushed a commit to HoffmannP/gitea that referenced this pull request Nov 14, 2018
