
xss攻击处理

tags/v1.22.10.1^2
yanchao 3 years ago
parent
commit
4c0ae28fc0
4 changed files with 8 additions and 4 deletions
  1. +2
    -1
      modules/repository/create.go
  2. +2
    -1
      routers/api/v1/repo/fork.go
  3. +2
    -1
      routers/repo/repo.go
  4. +2
    -1
      routers/repo/setting.go

+ 2
- 1
modules/repository/create.go

@@ -8,6 +8,7 @@ import (
"fmt"
"os"
"strings"
"text/template"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/git"
@@ -34,7 +35,7 @@ func CreateRepository(doer, u *models.User, opts models.CreateRepoOptions) (_ *m
Name: opts.Name,
Alias: opts.Alias,
LowerName: strings.ToLower(opts.Name),
Description: opts.Description,
Description: template.HTMLEscapeString(opts.Description),
OriginalURL: opts.OriginalURL,
OriginalServiceType: opts.GitServiceType,
IsPrivate: opts.IsPrivate,
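Review bot: Escaping `opts.Description` before it goes into the repository record (the `Description:` field in `CreateRepository`) puts the HTML encoding into the stored data instead of at the point where the value is rendered; the same pattern appears in routers/api/v1/repo/fork.go, routers/repo/repo.go and routers/repo/setting.go. Non-HTML consumers of the field (API JSON, for example) would then receive `&lt;` entities, and a template that already auto-escapes would show them literally. Descriptions written before this commit, or through a write path not listed here, stay raw, so the rendering side still cannot treat the column as safe. I would keep `Description: opts.Description,` and escape in the template or handler that emits the description; if storage-time escaping is kept, document it on the field, e.g. `// Description is stored HTML-escaped; do not escape again when rendering.` The body of `CreateRepository` continues outside the hunk.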


+ 2
- 1
routers/api/v1/repo/fork.go

@@ -7,6 +7,7 @@ package repo

import (
"fmt"
"html/template"
"net/http"

"code.gitea.io/gitea/models"
@@ -118,7 +119,7 @@ func CreateFork(ctx *context.APIContext, form api.CreateForkOption) {
forker = org
}

fork, err := repo_service.ForkRepository(ctx.User, forker, repo, repo.Name, repo.Description, repo.Alias)
fork, err := repo_service.ForkRepository(ctx.User, forker, repo, repo.Name, template.HTMLEscapeString(repo.Description), repo.Alias)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ForkRepository", err)
return
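Review bot: `repo.Description` in the `ForkRepository` call is read from the repository being forked, so it may already be escaped if that repository was saved through one of the paths this commit changes; escaping it again would store `&amp;lt;` in the fork where the parent has `&lt;`. `template.HTMLEscapeString` is not idempotent, so the value has to be escaped exactly once. If stored descriptions are meant to be escaped, pass `repo.Description` through unchanged here; this depends on how `ForkRepository` and the model treat the field, which the hunk does not show. `CreateFork` starts and ends outside the hunk.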


+ 2
- 1
routers/repo/repo.go

@@ -12,6 +12,7 @@ import (
"path"
"regexp"
"strings"
"text/template"
"unicode/utf8"

"code.gitea.io/gitea/modules/validation"
@@ -212,7 +213,7 @@ func CreatePost(ctx *context.Context, form auth.CreateRepoForm) {
opts := models.GenerateRepoOptions{
Name: form.RepoName,
Alias: form.Alias,
Description: form.Description,
Description: template.HTMLEscapeString(form.Description),
Private: form.Private,
GitContent: form.GitContent,
Topics: form.Topics,
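Review bot: This file and modules/repository/create.go import `text/template` for `HTMLEscapeString`, while routers/api/v1/repo/fork.go and routers/repo/setting.go import `html/template` for the same call. Both packages export the function, so the output is the same, but the mixed imports make it look as if two different escapers are in use. Pick one across the four files; since only a string helper is needed, `html.EscapeString(form.Description)` from the standard `html` package would avoid importing a template package at all. `CreatePost` starts and ends outside the hunk.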


+ 2
- 1
routers/repo/setting.go

@@ -8,6 +8,7 @@ package repo
import (
"errors"
"fmt"
"html/template"
"io/ioutil"
"net/url"
"regexp"
@@ -129,7 +130,7 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
// In case it's just a case change.
repo.Name = newRepoName
repo.LowerName = strings.ToLower(newRepoName)
repo.Description = form.Description
repo.Description = template.HTMLEscapeString(form.Description)
repo.Website = form.Website
repo.IsTemplate = form.Template
repo.Alias = newAlias
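Review bot: The assignment to `repo.Description` in `SettingsPost` escapes on every save, so a description that round-trips through the settings form can pick up another layer of encoding each time (`&` → `&amp;` → `&amp;amp;`); whether that happens depends on how the form is prefilled, which is not visible here. The escaped string is also longer than the submitted one (`<` becomes `&lt;`), so a value that passed the form's length validation could exceed the stored column's limit after escaping, if there is one. Storing `form.Description` as submitted and encoding it where it is rendered avoids both; otherwise add a comment such as `// stored HTML-escaped; the settings form must show the unescaped value` and check the length after escaping. `SettingsPost` continues outside the hunk.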

