From 3e94ac5c7c6751919453fdb66ba3472e2793759e Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Wed, 13 Mar 2024 21:32:30 +0800 Subject: [PATCH] Improve QueryEscape helper function (#29768) Make it return "template.URL" to follow Golang template's context auto-escaping. --- modules/templates/helper.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 0997239a55ad..24520647499a 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -38,7 +38,7 @@ func NewFuncMap() template.FuncMap { "SafeHTML": SafeHTML, "HTMLFormat": HTMLFormat, "HTMLEscape": HTMLEscape, - "QueryEscape": url.QueryEscape, + "QueryEscape": QueryEscape, "JSEscape": JSEscapeSafe, "SanitizeHTML": SanitizeHTML, "URLJoin": util.URLJoin, @@ -226,6 +226,10 @@ func JSEscapeSafe(s string) template.HTML { return template.HTML(template.JSEscapeString(s)) } +func QueryEscape(s string) template.URL { + return template.URL(url.QueryEscape(s)) +} + // DotEscape wraps a dots in names with ZWJ [U+200D] in order to prevent autolinkers from detecting these as urls func DotEscape(raw string) string { return strings.ReplaceAll(raw, ".", "\u200d.\u200d")