pkg/context: apply EscapePound at context level

Always escape template variable {{.Link}} variable and  redirect calls.

Relates to #5442

3 files changed, 4 insertions, 4 deletions

diff --git a/templates/repo/issue/new_form.tmpl b/templates/repo/issue/new_form.tmpl
index d3f9f710..c2f215e2 100644
--- a/templates/repo/issue/new_form.tmpl
+++ b/templates/repo/issue/new_form.tmpl
@@ -1,4 +1,4 @@
-<form class="ui comment form grid" action="{{EscapePound .Link}}" method="post">
+<form class="ui comment form grid" action="{{.Link}}" method="post">
 	{{.CSRFTokenHTML}}
 	{{if .Flash}}
 		<div class="sixteen wide column">
diff --git a/templates/repo/settings/protected_branch.tmpl b/templates/repo/settings/protected_branch.tmpl
index 10495718..e9367fe0 100644
--- a/templates/repo/settings/protected_branch.tmpl
+++ b/templates/repo/settings/protected_branch.tmpl
@@ -11,7 +11,7 @@
 				</h4>
 				<div class="ui attached segment branch-protection">
 					<p>{{.i18n.Tr "repo.settings.branch_protection_desc" .Branch.Name | Str2html}}</p>
-					<form class="ui form" action="{{EscapePound .Link}}" method="post">
+					<form class="ui form" action="{{.Link}}" method="post">
 						{{.CSRFTokenHTML}}
 						<div class="inline field">
 							<div class="ui checkbox">
@@ -83,4 +83,4 @@
 		</div>
 	</div>
 </div>
-{{template "base/footer" .}}
\ No newline at end of file
+{{template "base/footer" .}}
diff --git a/templates/repo/wiki/new.tmpl b/templates/repo/wiki/new.tmpl
index 74069758..13ba3b9f 100644
--- a/templates/repo/wiki/new.tmpl
+++ b/templates/repo/wiki/new.tmpl
@@ -11,7 +11,7 @@
 				</div>
 			{{end}}
 		</div>
-		<form class="ui form" action="{{EscapePound .Link}}" method="post">
+		<form class="ui form" action="{{.Link}}" method="post">
 			{{.CSRFTokenHTML}}
 			<input type="hidden" name="old_title" value="{{.old_title}}">
 			<div class="field {{if .Err_Title}}error{{end}}">