forks/forgejo
1
0
Fork 0
Code Releases Activity

Security: fix XSS attack on milestone (#976)

Browse source 
Reported by Miguel Ángel Jimeno.
This commit is contained in:
Lunny Xiao 2017-02-19 19:09:59 +08:00 committed by GitHub
parent dbe6d2ff8e
commit 6076c95dd1
3 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
templates/repo/issue/milestones.tmpl
View file

@ -43,7 +43,7 @@
<div class="milestone list">
{{range .Milestones}}
<li class="item">
<i class="octicon octicon-milestone"></i> <a href="{{$.RepoLink}}/issues?state={{$.State}}&milestone={{.ID}}">{{.Name}}</a>
<i class="octicon octicon-milestone"></i> <a href="{{$.RepoLink}}/issues?state={{$.State}}&milestone={{.ID}}">{{.Name | Sanitize}}</a>
<div class="ui right green progress" data-percent="{{.Completeness}}">
<div class="bar" {{if not .Completeness}}style="background-color: transparent"{{end}}>
<div class="progress"></div>