oss/forgejo
oss/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-08-01 17:38:33 +00:00
Code Wiki Activity

Remove unnecessary SanitizeHTML from code (#29575)

Browse source 
* "mail/issue/default.tmpl": the body is rendered by backend
`markdown.RenderString() HTML`, it has been already sanitized
* "repo/settings/webhook/base_list.tmpl": "Description" is prepared by
backend `ctx.Tr`, it doesn't need to be sanitized

(cherry picked from commit dae7f1ebdbe19620f40e110b285f7c0ecd0bb33b)
This commit is contained in:
wxiaoguang 2024-03-04 20:02:45 +08:00 committed by Earl Warren
parent 3c05986fcf
commit a44805e5b3
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
7 changed files with 7 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/templates/helper_test.go
View file

@ -64,5 +64,4 @@ func TestHTMLFormat(t *testing.T) {
func TestSanitizeHTML(t *testing.T) {
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(template.HTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`)))
}