diff options
| author | Unknwon <u@gogs.io> | 2018-09-28 23:56:45 -0400 |
|---|---|---|
| committer | Unknwon <u@gogs.io> | 2018-09-28 23:56:45 -0400 |
| commit | 0d66b1cc1c8c44c041f5274f967535d62bd371e1 (patch) | |
| tree | 2d1cc270322f9a03768da18e55f12e65ec7a2511 /pkg/template | |
| parent | 1843354d88b4998a93fc0165ccca760977be3e73 (diff) | |
pkg/context: apply EscapePound at context level
Always escape template variable {{.Link}} variable and redirect calls.
Relates to #5442
Diffstat (limited to 'pkg/template')
| -rw-r--r-- | pkg/template/template.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/template/template.go b/pkg/template/template.go index ff9921e7..8a85980a 100644 --- a/pkg/template/template.go +++ b/pkg/template/template.go @@ -64,7 +64,7 @@ func NewFuncMap() []template.FuncMap { "AppendAvatarSize": tool.AppendAvatarSize, "Safe": Safe, "Sanitize": bluemonday.UGCPolicy().Sanitize, - "Str2html": Str2html, + "Str2html": Str2HTML, "NewLine2br": NewLine2br, "TimeSince": tool.TimeSince, "RawTimeSince": tool.RawTimeSince, @@ -127,7 +127,7 @@ func Safe(raw string) template.HTML { return template.HTML(raw) } -func Str2html(raw string) template.HTML { +func Str2HTML(raw string) template.HTML { return template.HTML(markup.Sanitize(raw)) } |