Escape search query (Backport 1.4) (#3488)

* Escape search query

Signed-off-by: Jonas Franz <info@jonasfranz.de>

(cherry picked from commit 2970889)

* Reordered imports

Signed-off-by: Jonas Franz <info@jonasfranz.de>
This commit is contained in:
Jonas Franz 2018-02-11 20:25:02 +01:00 committed by Lauris BH
parent 4e27cc4813
commit c0675ef6c2
2 changed files with 8 additions and 1 deletions

View file

@ -10,6 +10,7 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"html"
"html/template" "html/template"
"mime" "mime"
"net/url" "net/url"
@ -179,6 +180,7 @@ func NewFuncMap() []template.FuncMap {
return dict, nil return dict, nil
}, },
"Printf": fmt.Sprintf, "Printf": fmt.Sprintf,
"Escape": Escape,
}} }}
} }
@ -197,6 +199,11 @@ func Str2html(raw string) template.HTML {
return template.HTML(markup.Sanitize(raw)) return template.HTML(markup.Sanitize(raw))
} }
// Escape escapes a HTML string
func Escape(raw string) string {
return html.EscapeString(raw)
}
// List traversings the list // List traversings the list
func List(l *list.List) chan interface{} { func List(l *list.List) chan interface{} {
e := l.Front() e := l.Front()

View file

@ -14,7 +14,7 @@
</div> </div>
{{if .Keyword}} {{if .Keyword}}
<h3> <h3>
{{.i18n.Tr "repo.search.results" .Keyword .RepoLink .RepoName | Str2html}} {{.i18n.Tr "repo.search.results" (.Keyword|Escape) .RepoLink .RepoName | Str2html }}
</h3> </h3>
<div class="repository search"> <div class="repository search">
{{range $result := .SearchResults}} {{range $result := .SearchResults}}