github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-13 02:57:44 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

[PR #5575] [MERGED] Backport #5570 - Immediate fix to htmlEncode user added text #17852

New Issue
Closed
opened 2025-11-02 16:16:03 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-02 16:16:03 -06:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/go-gitea/gitea/pull/5575
Author: @techknowlogick
Created: 12/21/2018
Status: Merged
Merged: 12/21/2018
Merged by: @techknowlogick

Base: release/v1.6Head: backport-5570

📝 Commits (2)

  • 76932fe Immediate fix to htmlEncode user added text
  • 7cda1a8 Merge branch 'release/v1.6' into backport-5570

📊 Changes

1 file changed (+9 additions, -5 deletions)

View changed files

📝 public/js/index.js (+9 -5)

📄 Description

There are likely problems remaining with the way that initCommentForm
is creating its elements. I suspect that a malformed avatar url could
be used maliciously.

#5570

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/go-gitea/gitea/pull/5575 **Author:** [@techknowlogick](https://github.com/techknowlogick) **Created:** 12/21/2018 **Status:** ✅ Merged **Merged:** 12/21/2018 **Merged by:** [@techknowlogick](https://github.com/techknowlogick) **Base:** `release/v1.6` ← **Head:** `backport-5570` --- ### 📝 Commits (2) - [`76932fe`](https://github.com/go-gitea/gitea/commit/76932fed300ee0801898a7ed3179f47b7d810d8a) Immediate fix to htmlEncode user added text - [`7cda1a8`](https://github.com/go-gitea/gitea/commit/7cda1a83f4fbc4157e1cca278decb1a7215d4999) Merge branch 'release/v1.6' into backport-5570 ### 📊 Changes **1 file changed** (+9 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `public/js/index.js` (+9 -5) </details> ### 📄 Description There are likely problems remaining with the way that initCommentForm is creating its elements. I suspect that a malformed avatar url could be used maliciously. #5570 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2025-11-02 16:16:03 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#17852
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?