third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Stop sanitizing full name in API (#17396)

Browse Source 
The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
tokarchuk/v1.17
zeripath 4 years ago committed by GitHub
parent 23d36929bc
commit af96286f22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      modules/convert/user.go

3
modules/convert/user.go
Unescape View File

@ -6,7 +6,6 @@ package convert
import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/markup"
api "code.gitea.io/gitea/modules/structs"
)
@ -49,7 +48,7 @@ func toUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
ID: user.ID,
UserName: user.Name,
FullName: markup.Sanitize(user.FullName),
FullName: user.FullName,
Email: user.GetEmail(),
AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(),

Write Preview
Loading…
Cancel
Save