forked from gitea/gitea
1
0
Fork 0

fix: remove `str2html` from org full name (#1360)

* fix: remove str2html for security issue.

* fix: update
This commit is contained in:
Bo-Yi Wu 2017-04-06 09:31:31 +08:00 committed by Lunny Xiao
parent e7493e953f
commit 0cee52e0d3
5 changed files with 5 additions and 5 deletions

View File

@ -4,7 +4,7 @@
<div class="column">
<div class="ui header">
<img class="ui image" src="{{.RelAvatarLink}}?s=100">
<span class="text thin grey"><a href="{{.HomeLink}}">{{.DisplayName | Str2html}}</a></span>
<span class="text thin grey"><a href="{{.HomeLink}}">{{.DisplayName}}</a></span>
<div class="ui right">
<div class="ui menu">

View File

@ -6,7 +6,7 @@
<img class="ui left" id="org-avatar" src="{{.Org.RelAvatarLink}}?s=140"/>
<div id="org-info">
<div class="ui header">
{{.Org.DisplayName | Str2html}}
{{.Org.DisplayName}}
{{if .IsOrganizationOwner}}<a class="text grey" href="{{.OrgLink}}/settings"><span class="octicon octicon-gear"></span></a>{{end}}
</div>
{{if .Org.Description}}<p class="desc">{{.Org.Description}}</p>{{end}}

View File

@ -4,7 +4,7 @@
<div class="ui container">
<div id="invite-box">
{{template "base/alert" .}}
<h2>{{.i18n.Tr "org.members.invite_desc" .Org.DisplayName | Str2html}}</h2>
<h2>{{.i18n.Tr "org.members.invite_desc" .Org.DisplayName}}</h2>
<form class="ui form" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}}
<div class="inline field ui left">

View File

@ -18,7 +18,7 @@
</div>
<div class="field {{if .Err_FullName}}error{{end}}">
<label for="full_name">{{.i18n.Tr "org.org_full_name_holder"}}</label>
<input id="full_name" name="full_name" value="{{.Org.FullName | Str2html}}">
<input id="full_name" name="full_name" value="{{.Org.FullName}}">
</div>
<div class="field {{if .Err_Description}}error{{end}}">
<label for="description">{{$.i18n.Tr "org.org_desc"}}</label>

View File

@ -17,7 +17,7 @@
{{end}}
<a href="{{.HomeLink}}">
<img class="ui avatar image" src="{{.RelAvatarLink}}">
{{.DisplayName | Str2html}}
{{.DisplayName}}
</a>
</div>
{{end}}