diff --git a/services/mailer/mail_admin_new_user.go b/services/mailer/mail_admin_new_user.go
index ecf0ddf5f..aa0571e57 100644
--- a/services/mailer/mail_admin_new_user.go
+++ b/services/mailer/mail_admin_new_user.go
@@ -55,13 +55,13 @@ func mailNewUser(ctx context.Context, u *user_model.User, lang string, tos []str
 subject := locale.TrString("mail.admin.new_user.subject", u.Name)
 body := locale.TrString("mail.admin.new_user.text", manageUserURL)
 mailMeta := map[string]any{
- "NewUser": u,
- "NewUserUrl": u.HTMLURL(),
- "Subject": subject,
- "Body": body,
- "Language": locale.Language(),
- "Locale": locale,
- "Str2html": templates.Str2html,
+ "NewUser": u,
+ "NewUserUrl": u.HTMLURL(),
+ "Subject": subject,
+ "Body": body,
+ "Language": locale.Language(),
+ "Locale": locale,
+ "SanitizeHTML": templates.SanitizeHTML,
 }
 var mailBody bytes.Buffer
diff --git a/templates/admin/dashboard.tmpl b/templates/admin/dashboard.tmpl
index 8088315f1..53a12cbe2 100644
--- a/templates/admin/dashboard.tmpl
+++ b/templates/admin/dashboard.tmpl
@@ -2,7 +2,7 @@
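Review bot: The renamed `"SanitizeHTML": templates.SanitizeHTML` entry in `mailMeta` may be dead data, because the only consumer visible in this commit, templates/mail/notify/admin_new_user.tmpl, renders `{{.Body | SanitizeHTML}}`, which is a template function lookup and not a read of the `.SanitizeHTML` map field. If no template reads the field, dropping the entry keeps the sanitizer in one place; if one does, a missed rename only surfaces when the mail is rendered, so a render test for this mail would catch it. Since `body` is a translated string with `manageUserURL` interpolated, a comment such as `// Body is translated HTML: the template sanitizes it, it is not escaped` next to the `"Body"` entry would make the trust assumption explicit. The body of mailNewUser continues outside the hunk.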
{{if .NeedUpdate}}
-

{{(ctx.Locale.Tr "admin.dashboard.new_version_hint" .RemoteVersion AppVer) | Str2html}}

+

{{(ctx.Locale.Tr "admin.dashboard.new_version_hint" .RemoteVersion AppVer) | SanitizeHTML}}

{{end}}

diff --git a/templates/home.tmpl b/templates/home.tmpl
index 78364431e..393525dcd 100644
--- a/templates/home.tmpl
+++ b/templates/home.tmpl
@@ -17,7 +17,7 @@ {{svg "octicon-flame"}} {{ctx.Locale.Tr "startpage.install"}}

- {{ctx.Locale.Tr "startpage.install_desc" | Str2html}}
+ {{ctx.Locale.Tr "startpage.install_desc" | SanitizeHTML}}

@@ -25,7 +25,7 @@ {{svg "octicon-device-desktop"}} {{ctx.Locale.Tr "startpage.platform"}}

- {{ctx.Locale.Tr "startpage.platform_desc" | Str2html}}
+ {{ctx.Locale.Tr "startpage.platform_desc" | SanitizeHTML}}

@@ -35,7 +35,7 @@ {{svg "octicon-rocket"}} {{ctx.Locale.Tr "startpage.lightweight"}}

- {{ctx.Locale.Tr "startpage.lightweight_desc" | Str2html}}
+ {{ctx.Locale.Tr "startpage.lightweight_desc" | SanitizeHTML}}

@@ -43,7 +43,7 @@ {{svg "octicon-code"}} {{ctx.Locale.Tr "startpage.license"}}

- {{ctx.Locale.Tr "startpage.license_desc" | Str2html}}
+ {{ctx.Locale.Tr "startpage.license_desc" | SanitizeHTML}}

diff --git a/templates/mail/auth/activate.tmpl b/templates/mail/auth/activate.tmpl index a15afe3d4..c50717d31 100644 --- a/templates/mail/auth/activate.tmpl +++ b/templates/mail/auth/activate.tmpl @@ -8,8 +8,8 @@ {{$activate_url := printf "%suser/activate?code=%s" AppUrl (QueryEscape .Code)}} -

{{.locale.Tr "mail.activate_account.text_1" (.DisplayName|DotEscape) AppName | Str2html}}


-

{{.locale.Tr "mail.activate_account.text_2" .ActiveCodeLives | Str2html}}

{{$activate_url}}


+

{{.locale.Tr "mail.activate_account.text_1" (.DisplayName|DotEscape) AppName | SanitizeHTML}}


+

{{.locale.Tr "mail.activate_account.text_2" .ActiveCodeLives | SanitizeHTML}}

{{$activate_url}}


{{.locale.Tr "mail.link_not_working_do_paste"}}

© {{AppName}}

diff --git a/templates/mail/auth/activate_email.tmpl b/templates/mail/auth/activate_email.tmpl index b15cc2a68..30fcb99ab 100644 --- a/templates/mail/auth/activate_email.tmpl +++ b/templates/mail/auth/activate_email.tmpl @@ -8,8 +8,8 @@ {{$activate_url := printf "%suser/activate_email?code=%s&email=%s" AppUrl (QueryEscape .Code) (QueryEscape .Email)}} -

{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}


-

{{.locale.Tr "mail.activate_email.text" .ActiveCodeLives | Str2html}}

{{$activate_url}}


+

{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | SanitizeHTML}}


+

{{.locale.Tr "mail.activate_email.text" .ActiveCodeLives | SanitizeHTML}}

{{$activate_url}}


{{.locale.Tr "mail.link_not_working_do_paste"}}

© {{AppName}}

diff --git a/templates/mail/auth/register_notify.tmpl b/templates/mail/auth/register_notify.tmpl index 224c84545..27c685e58 100644 --- a/templates/mail/auth/register_notify.tmpl +++ b/templates/mail/auth/register_notify.tmpl @@ -8,7 +8,7 @@ {{$set_pwd_url := printf "%[1]suser/forgot_password" AppUrl}} -

{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}


+

{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | SanitizeHTML}}


{{.locale.Tr "mail.register_notify.text_1" AppName}}


{{.locale.Tr "mail.register_notify.text_2" .Username}}

{{AppUrl}}user/login


{{.locale.Tr "mail.register_notify.text_3" $set_pwd_url}}


diff --git a/templates/mail/auth/reset_passwd.tmpl b/templates/mail/auth/reset_passwd.tmpl index 172844c95..e1af5b483 100644 --- a/templates/mail/auth/reset_passwd.tmpl +++ b/templates/mail/auth/reset_passwd.tmpl @@ -8,8 +8,8 @@ {{$recover_url := printf "%suser/recover_account?code=%s" AppUrl (QueryEscape .Code)}} -

{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}


-

{{.locale.Tr "mail.reset_password.text" .ResetPwdCodeLives | Str2html}}

{{$recover_url}}


+

{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | SanitizeHTML}}


+

{{.locale.Tr "mail.reset_password.text" .ResetPwdCodeLives | SanitizeHTML}}

{{$recover_url}}


{{.locale.Tr "mail.link_not_working_do_paste"}}

© {{AppName}}

diff --git a/templates/mail/issue/default.tmpl b/templates/mail/issue/default.tmpl index 4d467041e..9a893e11f 100644 --- a/templates/mail/issue/default.tmpl +++ b/templates/mail/issue/default.tmpl @@ -16,7 +16,7 @@ - {{if .IsMention}}

{{.locale.Tr "mail.issue.x_mentioned_you" .Doer.Name | Str2html}}

{{end}} + {{if .IsMention}}

{{.locale.Tr "mail.issue.x_mentioned_you" .Doer.Name | SanitizeHTML}}

{{end}} {{if eq .ActionName "push"}}

{{if .Comment.IsForcePush}} @@ -30,7 +30,7 @@ {{.locale.Tr "mail.issue.action.force_push" .Doer.Name .Comment.Issue.PullRequest.HeadBranch $oldCommitLink $newCommitLink}} {{else}} - {{.locale.TrN (len .Comment.Commits) "mail.issue.action.push_1" "mail.issue.action.push_n" .Doer.Name .Comment.Issue.PullRequest.HeadBranch (len .Comment.Commits) | Str2html}} + {{.locale.TrN (len .Comment.Commits) "mail.issue.action.push_1" "mail.issue.action.push_n" .Doer.Name .Comment.Issue.PullRequest.HeadBranch (len .Comment.Commits) | SanitizeHTML}} {{end}}

{{end}} diff --git a/templates/mail/notify/admin_new_user.tmpl b/templates/mail/notify/admin_new_user.tmpl index 34d1584f6..04f90b61a 100644 --- a/templates/mail/notify/admin_new_user.tmpl +++ b/templates/mail/notify/admin_new_user.tmpl @@ -13,9 +13,9 @@ -
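Review bot: `.Doer.Name` and `.Comment.Issue.PullRequest.HeadBranch` are user-controlled values that are interpolated into the translated string before the whole result is piped to `SanitizeHTML`, both in the `mail.issue.action.push_1`/`push_n` line here and in the `mail.issue.x_mentioned_you` line of the previous hunk. Unless `Tr`/`TrN` HTML-escapes its arguments (not visible in this diff), a sanitizer filters markup instead of escaping it, so whatever markup its policy allows inside a user or branch name would be rendered in the mail as HTML. HTML-escaping each argument before it reaches `Tr`/`TrN` and keeping `SanitizeHTML` for the translator-authored markup would close that gap; at minimum add `{{/* Doer.Name and HeadBranch are user-controlled: SanitizeHTML filters markup, it does not escape it */}}` above these lines. The same pattern appears with `.Team.Name` and `.Organization.Name` in templates/org/team/invite.tmpl, and with only `DotEscape` applied in templates/mail/team_invite.tmpl and the templates/mail/auth/*.tmpl hunks.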

{{.Body | Str2html}}

+

{{.Body | SanitizeHTML}}

diff --git a/templates/mail/team_invite.tmpl b/templates/mail/team_invite.tmpl index d21b7843e..67b368f34 100644 --- a/templates/mail/team_invite.tmpl +++ b/templates/mail/team_invite.tmpl @@ -5,7 +5,7 @@ -

{{.locale.Tr "mail.team_invite.text_1" (DotEscape .Inviter.DisplayName) (DotEscape .Team.Name) (DotEscape .Organization.DisplayName) | Str2html}}

+

{{.locale.Tr "mail.team_invite.text_1" (DotEscape .Inviter.DisplayName) (DotEscape .Team.Name) (DotEscape .Organization.DisplayName) | SanitizeHTML}}

{{.locale.Tr "mail.team_invite.text_2"}}

{{.InviteURL}}

{{.locale.Tr "mail.link_not_working_do_paste"}}

{{.locale.Tr "mail.team_invite.text_3" .Invite.Email}}

diff --git a/templates/org/settings/delete.tmpl b/templates/org/settings/delete.tmpl index 2cf8238f5..8c93e7548 100644 --- a/templates/org/settings/delete.tmpl +++ b/templates/org/settings/delete.tmpl @@ -6,7 +6,7 @@
-

{{svg "octicon-alert"}} {{ctx.Locale.Tr "org.settings.delete_prompt" | Str2html}}

+

{{svg "octicon-alert"}} {{ctx.Locale.Tr "org.settings.delete_prompt" | SanitizeHTML}}

{{.CsrfTokenHtml}} diff --git a/templates/org/settings/labels.tmpl b/templates/org/settings/labels.tmpl index b12ea8d9f..56931def8 100644 --- a/templates/org/settings/labels.tmpl +++ b/templates/org/settings/labels.tmpl @@ -2,7 +2,7 @@
- {{ctx.Locale.Tr "org.settings.labels_desc" | Str2html}}
+ {{ctx.Locale.Tr "org.settings.labels_desc" | SanitizeHTML}}
diff --git a/templates/org/team/invite.tmpl b/templates/org/team/invite.tmpl index e003d1475..5a8780c20 100644 --- a/templates/org/team/invite.tmpl +++ b/templates/org/team/invite.tmpl @@ -7,7 +7,7 @@ {{ctx.AvatarUtils.Avatar .Organization 140}}
-
{{ctx.Locale.Tr "org.teams.invite.title" .Team.Name .Organization.Name | Str2html}}
+
{{ctx.Locale.Tr "org.teams.invite.title" .Team.Name .Organization.Name | SanitizeHTML}}
{{ctx.Locale.Tr "org.teams.invite.by" .Inviter.Name}}
{{ctx.Locale.Tr "org.teams.invite.description"}}
diff --git a/templates/org/team/new.tmpl b/templates/org/team/new.tmpl index 0178a20fb..99b16ee22 100644 --- a/templates/org/team/new.tmpl +++ b/templates/org/team/new.tmpl @@ -32,14 +32,14 @@
- {{ctx.Locale.Tr "org.teams.specific_repositories_helper" | Str2html}}
+ {{ctx.Locale.Tr "org.teams.specific_repositories_helper" | SanitizeHTML}}
- {{ctx.Locale.Tr "org.teams.all_repositories_helper" | Str2html}}
+ {{ctx.Locale.Tr "org.teams.all_repositories_helper" | SanitizeHTML}}
diff --git a/templates/org/team/sidebar.tmpl b/templates/org/team/sidebar.tmpl index 509c6382d..e59c0e561 100644 --- a/templates/org/team/sidebar.tmpl +++ b/templates/org/team/sidebar.tmpl @@ -27,16 +27,16 @@ {{if eq .Team.LowerName "owners"}}
- {{ctx.Locale.Tr "org.teams.owners_permission_desc" | Str2html}}
+ {{ctx.Locale.Tr "org.teams.owners_permission_desc" | SanitizeHTML}}
{{else}}

{{ctx.Locale.Tr "org.team_access_desc"}}

{{if (eq .Team.AccessMode 2)}}

{{ctx.Locale.Tr "org.settings.permission"}}

- {{ctx.Locale.Tr "org.teams.write_permission_desc" | Str2html}}
+ {{ctx.Locale.Tr "org.teams.write_permission_desc" | SanitizeHTML}}
 {{else if (eq .Team.AccessMode 3)}}

{{ctx.Locale.Tr "org.settings.permission"}}

- {{ctx.Locale.Tr "org.teams.admin_permission_desc" | Str2html}} + {{ctx.Locale.Tr "org.teams.admin_permission_desc" | SanitizeHTML}} {{else}} diff --git a/templates/repo/blame.tmpl b/templates/repo/blame.tmpl index 3bd5e3694..75104cdcd 100644 --- a/templates/repo/blame.tmpl +++ b/templates/repo/blame.tmpl @@ -2,11 +2,11 @@ {{$revsFileLink := URLJoin .RepoLink "src" .BranchNameSubURL "/.git-blame-ignore-revs"}} {{if .UsesIgnoreRevs}}
-

{{ctx.Locale.Tr "repo.blame.ignore_revs" $revsFileLink (print $revsFileLink "?bypass-blame-ignore=true") | Str2html}}

+

{{ctx.Locale.Tr "repo.blame.ignore_revs" $revsFileLink (print $revsFileLink "?bypass-blame-ignore=true") | SanitizeHTML}}

{{else}}
-

{{ctx.Locale.Tr "repo.blame.ignore_revs.failed" $revsFileLink | Str2html}}

+

{{ctx.Locale.Tr "repo.blame.ignore_revs.failed" $revsFileLink | SanitizeHTML}}

{{end}} {{end}} diff --git a/templates/repo/branch/list.tmpl b/templates/repo/branch/list.tmpl index 8ae7301c4..4aa0e22b7 100644 --- a/templates/repo/branch/list.tmpl +++ b/templates/repo/branch/list.tmpl @@ -210,7 +210,7 @@ {{ctx.Locale.Tr "repo.branch.delete_html"}}
-

{{ctx.Locale.Tr "repo.branch.delete_desc" | Str2html}}

+

{{ctx.Locale.Tr "repo.branch.delete_desc" | SanitizeHTML}}

{{template "base/modal_actions_confirm" .}} diff --git a/templates/repo/create.tmpl b/templates/repo/create.tmpl index d6ff22b7a..1ddf2c480 100644 --- a/templates/repo/create.tmpl +++ b/templates/repo/create.tmpl @@ -158,7 +158,7 @@ {{end}} - {{ctx.Locale.Tr "repo.license_helper_desc" "https://choosealicense.com/" | Str2html}} + {{ctx.Locale.Tr "repo.license_helper_desc" "https://choosealicense.com/" | SanitizeHTML}}
diff --git a/templates/repo/diff/box.tmpl b/templates/repo/diff/box.tmpl index 1a78c4e8b..f9f18208e 100644 --- a/templates/repo/diff/box.tmpl +++ b/templates/repo/diff/box.tmpl @@ -19,7 +19,7 @@ {{end}} {{if not .DiffNotAvailable}}
- {{svg "octicon-diff" 16 "gt-mr-2"}}{{ctx.Locale.Tr "repo.diff.stats_desc" .Diff.NumFiles .Diff.TotalAddition .Diff.TotalDeletion | Str2html}} + {{svg "octicon-diff" 16 "gt-mr-2"}}{{ctx.Locale.Tr "repo.diff.stats_desc" .Diff.NumFiles .Diff.TotalAddition .Diff.TotalDeletion | SanitizeHTML}}
{{end}}
diff --git a/templates/repo/diff/stats.tmpl b/templates/repo/diff/stats.tmpl index db468ab6c..64ee17a7c 100644 --- a/templates/repo/diff/stats.tmpl +++ b/templates/repo/diff/stats.tmpl @@ -1,5 +1,5 @@ {{Eval .file.Addition "+" .file.Deletion}} - + {{/* if the denominator is zero, then the float result is "width: NaNpx", as before, it just works */}}
diff --git a/templates/repo/empty.tmpl b/templates/repo/empty.tmpl index 62194abe5..7a0e6926c 100644 --- a/templates/repo/empty.tmpl +++ b/templates/repo/empty.tmpl @@ -24,7 +24,7 @@
-

{{ctx.Locale.Tr "repo.clone_this_repo"}} {{ctx.Locale.Tr "repo.clone_helper" "http://git-scm.com/book/en/Git-Basics-Getting-a-Git-Repository" | Str2html}}

+

{{ctx.Locale.Tr "repo.clone_this_repo"}} {{ctx.Locale.Tr "repo.clone_helper" "http://git-scm.com/book/en/Git-Basics-Getting-a-Git-Repository" | SanitizeHTML}}

{{if and .CanWriteCode (not .Repository.IsArchived)}} diff --git a/templates/repo/issue/labels/label_list.tmpl b/templates/repo/issue/labels/label_list.tmpl index 9a6065a40..252b5816b 100644 --- a/templates/repo/issue/labels/label_list.tmpl +++ b/templates/repo/issue/labels/label_list.tmpl @@ -61,7 +61,7 @@
  • - {{ctx.Locale.Tr "repo.org_labels_desc" | Str2html}} + {{ctx.Locale.Tr "repo.org_labels_desc" | SanitizeHTML}} {{if .IsOrganizationOwner}} ({{ctx.Locale.Tr "repo.org_labels_desc_manage"}}): {{end}} diff --git a/templates/repo/issue/view_content.tmpl b/templates/repo/issue/view_content.tmpl index 9b2a29a0b..3bb26496c 100644 --- a/templates/repo/issue/view_content.tmpl +++ b/templates/repo/issue/view_content.tmpl @@ -181,7 +181,7 @@ {{ctx.Locale.Tr "repo.branch.delete" .HeadTarget}}
    -

    {{ctx.Locale.Tr "repo.branch.delete_desc" | Str2html}}

    +

    {{ctx.Locale.Tr "repo.branch.delete_desc" | SanitizeHTML}}

    {{template "base/modal_actions_confirm" .}}
    diff --git a/templates/repo/migrate/options.tmpl b/templates/repo/migrate/options.tmpl index 1bc30b886..d0235a0f8 100644 --- a/templates/repo/migrate/options.tmpl +++ b/templates/repo/migrate/options.tmpl @@ -17,7 +17,7 @@ ({{ctx.Locale.Tr "repo.settings.advanced_settings"}})
  • - {{ctx.Locale.Tr "repo.migrate_options_lfs_endpoint.description" "https://github.com/git-lfs/git-lfs/blob/main/docs/api/server-discovery.md#server-discovery" | Str2html}}{{if .ContextUser.CanImportLocal}} {{ctx.Locale.Tr "repo.migrate_options_lfs_endpoint.description.local"}}{{end}} + {{ctx.Locale.Tr "repo.migrate_options_lfs_endpoint.description" "https://github.com/git-lfs/git-lfs/blob/main/docs/api/server-discovery.md#server-discovery" | SanitizeHTML}}{{if .ContextUser.CanImportLocal}} {{ctx.Locale.Tr "repo.migrate_options_lfs_endpoint.description.local"}}{{end}}
    diff --git a/templates/repo/release/list.tmpl b/templates/repo/release/list.tmpl index c26a58f23..541af86ff 100644 --- a/templates/repo/release/list.tmpl +++ b/templates/repo/release/list.tmpl @@ -54,7 +54,7 @@ {{TimeSinceUnix $release.CreatedUnix ctx.Locale}} {{end}} {{if and (not $release.IsDraft) ($.Permission.CanRead $.UnitTypeCode)}} - | {{ctx.Locale.Tr "repo.release.ahead.commits" $release.NumCommitsBehind | Str2html}} {{ctx.Locale.Tr "repo.release.ahead.target" $release.TargetBehind}} + | {{ctx.Locale.Tr "repo.release.ahead.commits" $release.NumCommitsBehind | SanitizeHTML}} {{ctx.Locale.Tr "repo.release.ahead.target" $release.TargetBehind}} {{end}}

    diff --git a/templates/repo/settings/deploy_keys.tmpl b/templates/repo/settings/deploy_keys.tmpl index 3ea854ef8..0b0f56520 100644 --- a/templates/repo/settings/deploy_keys.tmpl +++ b/templates/repo/settings/deploy_keys.tmpl @@ -31,7 +31,7 @@ - {{ctx.Locale.Tr "repo.settings.is_writable_info" | Str2html}} + {{ctx.Locale.Tr "repo.settings.is_writable_info" | SanitizeHTML}}
    {{if and .has_two_factor (not .scratch_code)}} - {{ctx.Locale.Tr "auth.use_scratch_code" | Str2html}} + {{ctx.Locale.Tr "auth.use_scratch_code" | SanitizeHTML}} {{end}}
    {{else}} -

    {{ctx.Locale.Tr "auth.invalid_code_forgot_password" (printf "%s/user/forgot_password" AppSubUrl) | Str2html}}

    +

    {{ctx.Locale.Tr "auth.invalid_code_forgot_password" (printf "%s/user/forgot_password" AppSubUrl) | SanitizeHTML}}

    {{end}}
    diff --git a/templates/user/auth/signin_inner.tmpl b/templates/user/auth/signin_inner.tmpl index 40e54ec8f..15733eb9b 100644 --- a/templates/user/auth/signin_inner.tmpl +++ b/templates/user/auth/signin_inner.tmpl @@ -48,7 +48,7 @@ {{if .ShowRegistrationButton}} {{end}} diff --git a/templates/user/auth/twofa.tmpl b/templates/user/auth/twofa.tmpl index d32511415..8a898c7dd 100644 --- a/templates/user/auth/twofa.tmpl +++ b/templates/user/auth/twofa.tmpl @@ -17,7 +17,7 @@
    diff --git a/templates/user/settings/account.tmpl b/templates/user/settings/account.tmpl index c7bf3c0a4..b9dc3a9ce 100644 --- a/templates/user/settings/account.tmpl +++ b/templates/user/settings/account.tmpl @@ -134,9 +134,9 @@
    -

    {{svg "octicon-alert"}} {{ctx.Locale.Tr "settings.delete_prompt" | Str2html}}

    +

    {{svg "octicon-alert"}} {{ctx.Locale.Tr "settings.delete_prompt" | SanitizeHTML}}

    {{if .UserDeleteWithComments}} -

    {{ctx.Locale.Tr "settings.delete_with_all_comments" .UserDeleteWithCommentsMaxTime | Str2html}}

    +

    {{ctx.Locale.Tr "settings.delete_with_all_comments" .UserDeleteWithCommentsMaxTime | SanitizeHTML}}

    {{end}}
    diff --git a/templates/user/settings/keys_gpg.tmpl b/templates/user/settings/keys_gpg.tmpl index 981cfd810..3ab066c95 100644 --- a/templates/user/settings/keys_gpg.tmpl +++ b/templates/user/settings/keys_gpg.tmpl @@ -43,7 +43,7 @@

    {{ctx.Locale.Tr "settings.gpg_desc"}}
    - {{ctx.Locale.Tr "settings.gpg_helper" "https://docs.codeberg.org/security/gpg-key/" | Str2html}} + {{ctx.Locale.Tr "settings.gpg_helper" "https://docs.codeberg.org/security/gpg-key/" | SanitizeHTML}}

    {{range .GPGKeys}} diff --git a/templates/user/settings/keys_ssh.tmpl b/templates/user/settings/keys_ssh.tmpl index dc3179fdd..9045b6c27 100644 --- a/templates/user/settings/keys_ssh.tmpl +++ b/templates/user/settings/keys_ssh.tmpl @@ -31,7 +31,7 @@

    {{ctx.Locale.Tr "settings.ssh_desc"}}
    - {{ctx.Locale.Tr "settings.ssh_helper" "https://docs.codeberg.org/security/ssh-key/" "https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/troubleshooting-ssh" | Str2html}} + {{ctx.Locale.Tr "settings.ssh_helper" "https://docs.codeberg.org/security/ssh-key/" "https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/troubleshooting-ssh" | SanitizeHTML}}

    {{if .DisableSSH}} diff --git a/templates/user/settings/security/twofa.tmpl b/templates/user/settings/security/twofa.tmpl index 2f15fe13f..87cc90e47 100644 --- a/templates/user/settings/security/twofa.tmpl +++ b/templates/user/settings/security/twofa.tmpl @@ -4,7 +4,7 @@

    {{ctx.Locale.Tr "settings.twofa_desc"}}

    {{if .TOTPEnrolled}} -

    {{ctx.Locale.Tr "settings.twofa_is_enrolled" | Str2html}}

    +

    {{ctx.Locale.Tr "settings.twofa_is_enrolled" | SanitizeHTML}}

    {{.CsrfTokenHtml}}

    {{ctx.Locale.Tr "settings.regenerate_scratch_token_desc"}}

    diff --git a/templates/user/settings/security/webauthn.tmpl b/templates/user/settings/security/webauthn.tmpl index e582b801d..a7fa04a52 100644 --- a/templates/user/settings/security/webauthn.tmpl +++ b/templates/user/settings/security/webauthn.tmpl @@ -1,6 +1,6 @@

    {{ctx.Locale.Tr "settings.webauthn"}}

    -

    {{ctx.Locale.Tr "settings.webauthn_desc" | Str2html}}

    +

    {{ctx.Locale.Tr "settings.webauthn_desc" | SanitizeHTML}}

    {{ctx.Locale.Tr "settings.webauthn_key_loss_warning"}} {{ctx.Locale.Tr "settings.webauthn_alternative_tip"}}

    {{template "user/auth/webauthn_error" .}}