mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-06 22:50:15 -05:00
forgejo/templates/repo
Gusted 4fdd0ed728
[SECURITY] Fix XSS in dismissed review
- It's possible for reviews to not be associated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus need to be properly escaped.
- Pass `$reviewerName` through `Escape`.

(cherry picked from commit fe2df46d05)

Conflicts:
	templates/repo/issue/view_content/comments.tmpl
	trivial context conflict
2024-02-22 22:44:22 +01:00
..
actions Actions list enhancements (#25601) (#25678) 2023-07-04 13:00:34 +00:00
branch Several fixes for mobile UI (#25634) (#25689) 2023-07-07 00:34:00 +02:00
cite Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
diff Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790) 2023-09-08 08:09:18 +02:00
editor Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
find
graph Improve commit graph alignment and truncating (#26112) (#26127) 2023-07-26 13:49:15 +02:00
issue [SECURITY] Fix XSS in dismissed review 2024-02-22 22:44:22 +01:00
migrate [SECURITY] review(kn4ck3r): more template escapes 2024-02-22 22:33:06 +01:00
projects Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
pulls Don't stack PR tab menu on small screens (#25789) 2023-08-18 15:40:21 +02:00
release Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
settings [SECURITY] review(kn4ck3r): more template escapes 2024-02-22 22:33:06 +01:00
tag
wiki [SECURITY] Fix XSS in wiki last commit information 2024-02-22 22:36:14 +01:00
activity.tmpl Fix UI on mobile view (#25315) (#25340) 2023-06-18 13:02:41 +00:00
blame.tmpl Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
branch_dropdown.tmpl
clone_buttons.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
clone_script.tmpl Rework button coloring, add focus and active colors (#24507) 2023-05-29 12:45:22 +00:00
commit_page.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
commit_status.tmpl Make pending commit status yellow again (#25935) (#25968) 2023-07-24 07:58:56 +02:00
commit_statuses.tmpl Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
commits.tmpl Fix some UI alignments (#25277) (#25290) 2023-06-16 00:32:59 +00:00
commits_list.tmpl Several fixes for mobile UI (#25634) (#25689) 2023-07-07 00:34:00 +02:00
commits_list_small.tmpl Use flex to align SVG and text (#25163) (#25260) 2023-06-14 13:21:48 -04:00
commits_table.tmpl Fix commit compare style (#26209) (#26226) 2023-07-30 07:46:19 +02:00
create.tmpl Fix incorrect "tabindex" attributes (#26733) (#26734) 2023-09-08 08:07:19 +02:00
create_helper.tmpl
empty.tmpl Fix UI on mobile view (#25315) (#25340) 2023-06-18 13:02:41 +00:00
file_info.tmpl Show if File is Executable (#25287) (#25300) 2023-06-16 09:29:26 +00:00
forks.tmpl
graph.tmpl
header.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
home.tmpl Hide add file button for pull mirrors (#25748) (#25751) 2023-07-07 14:12:59 +00:00
icon.tmpl
packages.tmpl
release_tag_header.tmpl Fix incorrect release count (#25879) (#25887) 2023-07-14 09:32:43 +00:00
search.tmpl
search_name.tmpl
shabox_badge.tmpl
sub_menu.tmpl Fix tags header and pretty format numbers (#25624) (#25694) 2023-07-05 07:08:16 +00:00
unicode_escape_prompt.tmpl Clarify "text-align" CSS helpers, fix clone button padding (#25763) (#25764) 2023-07-10 00:19:24 +02:00
upload.tmpl
user_cards.tmpl
view_file.tmpl Button and color enhancements (#24989) (#25176) 2023-06-11 02:13:08 +00:00
view_list.tmpl Various UI fixes (#25264) (#25431) 2023-06-22 10:19:38 +00:00
watchers.tmpl