Security: prevent XSS attach on wiki page

Reported by Miguel Ángel Jimeno.
Unknwon 2017-02-15 18:05:02 -05:00 committed by Kim "BKC" Carlbäcker
parent 43c94d0a6c
commit 134f3e6e09
2 changed files with 8 additions and 5 deletions


@ -15,6 +15,7 @@ import (
"strings"
"time"
"github.com/microcosm-cc/bluemonday"
"golang.org/x/net/html/charset"
"golang.org/x/text/transform"
"gopkg.in/editorconfig/editorconfig-core-go.v1"
@ -61,6 +62,7 @@ func NewFuncMap() []template.FuncMap {
},
"AvatarLink": base.AvatarLink,
"Safe": Safe,
"Sanitize": bluemonday.UGCPolicy().Sanitize,
"Str2html": Str2html,
"TimeSince": base.TimeSince,
"RawTimeSince": base.RawTimeSince,
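Review bot: The new `"Sanitize"` entry in NewFuncMap sits directly beside `"Safe"` with no comment on how the two differ, and a template author can easily reach for the wrong one. `bluemonday.UGCPolicy().Sanitize` returns a plain `string`, so (assuming `template` here is html/template) its output is still contextually escaped unless it is also marked safe, and the UGC policy deliberately lets through a broad set of formatting elements, which may be more than a wiki title or similar field needs. I would add a comment above the entry such as `// Sanitize strips markup outside bluemonday's UGC allow-list; it returns a string, unlike Safe, which disables escaping.` The policy is also rebuilt on every NewFuncMap call, so a single package-level policy value could be shared instead. NewFuncMap's body starts and ends outside the hunk, so other entries that render user-supplied text are not visible here.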