@antiprime

Previews of plain-text README files are not currently HTML-escaped; this causes issues when READMEs contain characters like < and >, including constructs like Copyright 2018 Example <[email protected]>, which currently renders as Copyright 2018 Example.

This PR ensures that plain-text READMEs are HTML-escaped.
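
The failure mode described above and the escape-first fix, as an added example that is not part of this PR or of Gitea's code. The helper names and the sample README (including its placeholder address) are constructed for illustration; `visibleText` is only a rough stand-in for a browser's tag handling.

```go
package main

import (
	"fmt"
	"html"
	"strings"
	"unicode"
)

// Constructed sample README; the address is a placeholder.
const sampleReadme = "Copyright 2018 Example <dev@example.com>\nif a < b && b > c { ... }"

// renderPlainUnsafe models the behaviour reported in the PR: file text goes
// into the HTML preview unchanged, so "<...>" is parsed as markup.
func renderPlainUnsafe(readme string) string {
	return strings.ReplaceAll(readme, "\n", "<br>")
}

// renderPlainEscaped escapes the untrusted text first, then adds the one
// piece of markup the preview needs. Order matters: escaping after the
// replacement would turn the <br> tags into visible text.
func renderPlainEscaped(readme string) string {
	return strings.ReplaceAll(html.EscapeString(readme), "\n", "<br>")
}

// visibleText approximates what a browser shows: anything that tokenizes as
// a tag ("<" followed by a letter or "/") is dropped, entities are decoded.
func visibleText(page string) string {
	var b strings.Builder
	r := []rune(page)
	for i := 0; i < len(r); i++ {
		if r[i] == '<' && i+1 < len(r) && (unicode.IsLetter(r[i+1]) || r[i+1] == '/') {
			for i < len(r) && r[i] != '>' {
				i++ // skip to the end of the tag (or of the input)
			}
			continue
		}
		b.WriteRune(r[i])
	}
	return html.UnescapeString(b.String())
}

func main() {
	fmt.Printf("unsafe : %q\n", visibleText(renderPlainUnsafe(sampleReadme)))
	fmt.Printf("escaped: %q\n", visibleText(renderPlainEscaped(sampleReadme)))
}
```
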

@codecov-io

codecov-io commented Jun 8, 2018

Codecov Report

Merging #4192 into master will increase coverage by <.01%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master    #4192      +/-   ##
==========================================
+ Coverage   19.96%   19.97%   +<.01%     
==========================================
  Files         153      153              
  Lines       30494    30498       +4     
==========================================
+ Hits         6088     6091       +3     
- Misses      23491    23493       +2     
+ Partials      915      914       -1
Impacted Files Coverage Δ
routers/repo/view.go 0% <0%> (ø) ⬆️
modules/process/manager.go 73.91% <0%> (+4.34%) ⬆️

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af57d6a...8eaca6d.

@bkcsoft bkcsoft added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jun 8, 2018
@lunny lunny added type/bug topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! labels Jun 9, 2018
@lunny lunny added this to the 1.5.0 milestone Jun 9, 2018
@bkcsoft bkcsoft added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jun 9, 2018
Member

@daviian daviian left a comment

@nickolas360 Does it really work for you? At least it doesn't work for me. Your example renders as you've described after applying your PR.

@bkcsoft bkcsoft added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 9, 2018
@lafriks lafriks merged commit 2bb73fe into go-gitea:master Jun 10, 2018
@lafriks
Member

lafriks commented Jun 10, 2018

@nickolas360 can you please backport this (by cherry-pick 2bb73fe) to release/v1.4?

@lafriks lafriks added the backport/done All backports for this PR have been created label Jun 11, 2018
lafriks pushed a commit that referenced this pull request Jun 19, 2018
@ghost

ghost commented Jun 27, 2018

BTW, it's related to #3903 but fixes only a part of it.
EDIT: I'm talking about markdown escaping.

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020