mirror of
https://github.com/go-gitea/gitea
synced 2024-11-14 01:35:54 +01:00
Fix escaping issue in diff (#14154)
Ensure that linecontent is escaped before passing to template.HTML Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
205be63bc1
commit
206b66a184
@ -10,6 +10,7 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"html"
|
||||||
"html/template"
|
"html/template"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
@ -164,9 +165,9 @@ func getDiffLineSectionInfo(treePath, line string, lastLeftIdx, lastRightIdx int
|
|||||||
// escape a line's content or return <br> needed for copy/paste purposes
|
// escape a line's content or return <br> needed for copy/paste purposes
|
||||||
func getLineContent(content string) string {
|
func getLineContent(content string) string {
|
||||||
if len(content) > 0 {
|
if len(content) > 0 {
|
||||||
return content
|
return html.EscapeString(content)
|
||||||
}
|
}
|
||||||
return "\n"
|
return "<br>"
|
||||||
}
|
}
|
||||||
|
|
||||||
// DiffSection represents a section of a DiffFile.
|
// DiffSection represents a section of a DiffFile.
|
||||||
@ -357,8 +358,6 @@ func (diffSection *DiffSection) GetComputedInlineDiffFor(diffLine *DiffLine) tem
|
|||||||
diffRecord := diffMatchPatch.DiffMain(highlight.Code(diffSection.FileName, diff1[1:]), highlight.Code(diffSection.FileName, diff2[1:]), true)
|
diffRecord := diffMatchPatch.DiffMain(highlight.Code(diffSection.FileName, diff1[1:]), highlight.Code(diffSection.FileName, diff2[1:]), true)
|
||||||
diffRecord = diffMatchPatch.DiffCleanupEfficiency(diffRecord)
|
diffRecord = diffMatchPatch.DiffCleanupEfficiency(diffRecord)
|
||||||
|
|
||||||
diffRecord = diffMatchPatch.DiffCleanupEfficiency(diffRecord)
|
|
||||||
|
|
||||||
return diffToHTML(diffSection.FileName, diffRecord, diffLine.Type)
|
return diffToHTML(diffSection.FileName, diffRecord, diffLine.Type)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user