From 263d4093260707c6249eecb52ad52a0205e61351 Mon Sep 17 00:00:00 2001 From: Unknwon Date: Sat, 4 Oct 2014 17:15:22 -0400 Subject: Basic xss prevention --- models/repo.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'models') diff --git a/models/repo.go b/models/repo.go index a79c2491..8e29b335 100644 --- a/models/repo.go +++ b/models/repo.go @@ -23,6 +23,7 @@ import ( "github.com/Unknwon/cae/zip" "github.com/Unknwon/com" + "github.com/gogits/gogs/modules/base" "github.com/gogits/gogs/modules/git" "github.com/gogits/gogs/modules/log" "github.com/gogits/gogs/modules/process" @@ -48,7 +49,7 @@ var ( ) var ( - DescriptionPattern = regexp.MustCompile(`https?://\S+`) + DescPattern = regexp.MustCompile(`https?://\S+`) ) func LoadRepoConfig() { @@ -181,7 +182,7 @@ func (repo *Repository) DescriptionHtml() template.HTML { ss := html.EscapeString(s) return fmt.Sprintf(`%s`, ss, ss) } - return template.HTML(DescriptionPattern.ReplaceAllStringFunc(repo.Description, sanitize)) + return template.HTML(DescPattern.ReplaceAllStringFunc(base.XSSString(repo.Description), sanitize)) } // IsRepositoryExist returns true if the repository with given name under user has already existed. -- cgit v1.2.3