public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-29 10:57:44 +09:00
Code Issues Packages Projects Releases Wiki Activity

Stop sanitizing full name in API (#17396)

Browse Source 
The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
zeripath
2021-10-22 08:17:35 +01:00
committed by GitHub
parent 23d36929bc
commit af96286f22
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
modules/convert/user.go
View File

@@ -6,7 +6,6 @@ package convert
import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/markup"
api "code.gitea.io/gitea/modules/structs"
)
@@ -49,7 +48,7 @@ func toUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
ID: user.ID,
UserName: user.Name,
FullName: markup.Sanitize(user.FullName),
FullName: user.FullName,
Email: user.GetEmail(),
AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(),