Conversation

@jolheiser
Member

Backport #12610

Credit: @zeripath

@jolheiser jolheiser added this to the 1.12.4 milestone Aug 26, 2020
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Aug 26, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Aug 26, 2020
@jolheiser jolheiser merged commit 981216c into go-gitea:release/v1.12 Aug 26, 2020
@jolheiser jolheiser deleted the backport-12610 branch August 26, 2020 15:12
@lafriks
Member

lafriks commented Aug 27, 2020

Note for blog post:
Thanks to Osama Hamad (https://github.com/osamahamad) for reporting this security issue

@silverwind
Member

silverwind commented Aug 27, 2020

As a more general fix, I think .i18n.Tr should escape by default unless there's HTML content in the English translation string (would not trust other languages). Though we should probably just eliminate HTML in translation strings altogether, which would allow us to escape everything.
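
Added example, not code from this PR or from Gitea itself: a sketch in Go of the escape-by-default translation helper silverwind proposes. The catalogue, the locale names, the message keys and the `Tr`, `sameTags` and `containsHTML` helpers are all constructed for illustration; only `html.EscapeString` and `template.HTML` are standard library. It goes one step beyond the comment: when the English reference string does carry markup, a translation is rendered as HTML only if its tags match the English tags exactly, otherwise the English string is used in its place, which is one concrete way to act on "would not trust other languages". Arguments are always escaped, so the output is safe to hand to a template as `template.HTML`.

```go
package main

import (
	"fmt"
	"html"
	"html/template"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample catalogue; en-US is the reference locale the others are checked against.
var catalogue = map[string]map[string]string{
	"en-US": {
		"repo.forked_from":   "forked from %s",
		"repo.delete_notice": "<b>This repository will be permanently deleted.</b>",
	},
	// A well-behaved translation that keeps exactly the English markup.
	"de-DE": {
		"repo.forked_from":   "geforkt von %s",
		"repo.delete_notice": "<b>Dieses Repository wird dauerhaft gelöscht.</b>",
	},
	// A constructed hostile locale file that smuggles markup into both strings.
	"xx-XX": {
		"repo.forked_from":   "<img src=x onerror=alert(1)> forked from %s",
		"repo.delete_notice": "<b onmouseover=alert(1)>Deleted.</b>",
	},
}

var tagRe = regexp.MustCompile(`<[^>]+>`)

// tagsOf returns the sorted list of raw tags found in s.
func tagsOf(s string) []string {
	tags := tagRe.FindAllString(s, -1)
	sort.Strings(tags)
	return tags
}

// sameTags reports whether two strings carry exactly the same tags,
// attributes included, so "<b onmouseover=...>" never matches "<b>".
func sameTags(a, b string) bool {
	ta, tb := tagsOf(a), tagsOf(b)
	if len(ta) != len(tb) {
		return false
	}
	for i := range ta {
		if ta[i] != tb[i] {
			return false
		}
	}
	return true
}

// containsHTML reports whether the English reference string carries markup on purpose.
func containsHTML(s string) bool {
	return strings.ContainsAny(s, "<>")
}

// Tr is the hypothetical escape-by-default translation helper.
func Tr(lang, key string, args ...interface{}) template.HTML {
	ref, ok := catalogue["en-US"][key]
	if !ok {
		// Unknown key: return the escaped key rather than anything the browser could interpret.
		return template.HTML(html.EscapeString(key))
	}
	msg, ok := catalogue[lang][key]
	if !ok {
		msg = ref
	}
	switch {
	case !containsHTML(ref):
		// Default path: the English string has no markup, so none is allowed anywhere.
		msg = html.EscapeString(msg)
	case !sameTags(msg, ref):
		// English deliberately has markup but this translation's tags differ: fall back to English.
		msg = ref
	}
	// Interpolated values are always escaped, whichever branch was taken.
	escaped := make([]interface{}, len(args))
	for i, a := range args {
		escaped[i] = html.EscapeString(fmt.Sprint(a))
	}
	return template.HTML(fmt.Sprintf(msg, escaped...))
}

func main() {
	for _, lang := range []string{"en-US", "de-DE", "xx-XX"} {
		fmt.Println(lang, Tr(lang, "repo.forked_from", "<script>alert(1)</script>"))
		fmt.Println(lang, Tr(lang, "repo.delete_notice"))
	}
}
```

Running it shows the hostile `xx-XX` strings neutralised both ways: the plain-text key is escaped wholesale, and the markup-bearing key drops back to the English string because the attribute-laden `<b>` does not match the reference. The tag comparison is deliberately strict rather than a whitelist, since the English string is the only one a reviewer has actually vetted.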

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
