
fix: remove `str2html` from org full name (#1360)

* fix: remove str2html for security issue.

* fix: update
Bo-Yi Wu 2017-04-06 09:31:31 +08:00 committed by Lunny Xiao
parent e7493e953f
commit 0cee52e0d3
5 changed files with 5 additions and 5 deletions


@ -4,7 +4,7 @@
<div class="column"> <div class="column">
<div class="ui header"> <div class="ui header">
<img class="ui image" src="{{.RelAvatarLink}}?s=100"> <img class="ui image" src="{{.RelAvatarLink}}?s=100">
<span class="text thin grey"><a href="{{.HomeLink}}">{{.DisplayName | Str2html}}</a></span> <span class="text thin grey"><a href="{{.HomeLink}}">{{.DisplayName}}</a></span>
<div class="ui right"> <div class="ui right">
<div class="ui menu"> <div class="ui menu">
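Review bot: The new anchor text `{{.DisplayName}}` depends entirely on html/template's contextual escaping, and nothing in the template says why the `Str2html` pipe must not come back. I would add a template comment above it such as `{{/* DisplayName is user-supplied: leave it to auto-escaping, never pipe through Str2html */}}`; the same applies to the `{{.Org.DisplayName}}`, `{{.Org.FullName}}` and `{{.DisplayName}}` lines in the other four sections. A rendering test with an organisation full name that contains markup would pin the escaped output. The helper's definition and any remaining `Str2html` uses on name fields in other templates are not on this page, so both are worth a search.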


@ -6,7 +6,7 @@
<img class="ui left" id="org-avatar" src="{{.Org.RelAvatarLink}}?s=140"/> <img class="ui left" id="org-avatar" src="{{.Org.RelAvatarLink}}?s=140"/>
<div id="org-info"> <div id="org-info">
<div class="ui header"> <div class="ui header">
{{.Org.DisplayName | Str2html}} {{.Org.DisplayName}}
{{if .IsOrganizationOwner}}<a class="text grey" href="{{.OrgLink}}/settings"><span class="octicon octicon-gear"></span></a>{{end}} {{if .IsOrganizationOwner}}<a class="text grey" href="{{.OrgLink}}/settings"><span class="octicon octicon-gear"></span></a>{{end}}
</div> </div>
{{if .Org.Description}}<p class="desc">{{.Org.Description}}</p>{{end}} {{if .Org.Description}}<p class="desc">{{.Org.Description}}</p>{{end}}


@ -4,7 +4,7 @@
<div class="ui container"> <div class="ui container">
<div id="invite-box"> <div id="invite-box">
{{template "base/alert" .}} {{template "base/alert" .}}
<h2>{{.i18n.Tr "org.members.invite_desc" .Org.DisplayName | Str2html}}</h2> <h2>{{.i18n.Tr "org.members.invite_desc" .Org.DisplayName}}</h2>
<form class="ui form" action="{{.Link}}" method="post"> <form class="ui form" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}} {{.CsrfTokenHtml}}
<div class="inline field ui left"> <div class="inline field ui left">
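Review bot: With `| Str2html` dropped from the `<h2>`, the whole result of `.i18n.Tr "org.members.invite_desc" .Org.DisplayName` is escaped, not only the organisation name. If any locale's `org.members.invite_desc` string carries markup (the locale files are not visible here), that markup will now be shown as literal text, so the translations should be checked. A comment such as `{{/* translated string is escaped as a whole; keep markup out of org.members.invite_desc */}}` would record the constraint. This assumes `Tr` returns a plain string, which the page does not show.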


@ -18,7 +18,7 @@
</div> </div>
<div class="field {{if .Err_FullName}}error{{end}}"> <div class="field {{if .Err_FullName}}error{{end}}">
<label for="full_name">{{.i18n.Tr "org.org_full_name_holder"}}</label> <label for="full_name">{{.i18n.Tr "org.org_full_name_holder"}}</label>
<input id="full_name" name="full_name" value="{{.Org.FullName | Str2html}}"> <input id="full_name" name="full_name" value="{{.Org.FullName}}">
</div> </div>
<div class="field {{if .Err_Description}}error{{end}}"> <div class="field {{if .Err_Description}}error{{end}}">
<label for="description">{{$.i18n.Tr "org.org_desc"}}</label> <label for="description">{{$.i18n.Tr "org.org_desc"}}</label>


@ -17,7 +17,7 @@
{{end}} {{end}}
<a href="{{.HomeLink}}"> <a href="{{.HomeLink}}">
<img class="ui avatar image" src="{{.RelAvatarLink}}"> <img class="ui avatar image" src="{{.RelAvatarLink}}">
{{.DisplayName | Str2html}} {{.DisplayName}}
</a> </a>
</div> </div>
{{end}} {{end}}