fix(oauth): HTML snippets in templates can be displayed
These changes were missed when cherry-picking the following c9d0e63c202827756c637d9ca7bbde685c1984b7 Remove unnecessary "Str2html" modifier from templates (#29319) Fixes: https://codeberg.org/forgejo/forgejo/issues/3623
This commit is contained in:
parent
d4eeb06a20
commit
caadd1815a
1 changed files with 4 additions and 3 deletions
|
@ -10,6 +10,7 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"html"
|
"html"
|
||||||
|
"html/template"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -502,11 +503,11 @@ func AuthorizeOAuth(ctx *context.Context) {
|
||||||
ctx.Data["Scope"] = form.Scope
|
ctx.Data["Scope"] = form.Scope
|
||||||
ctx.Data["Nonce"] = form.Nonce
|
ctx.Data["Nonce"] = form.Nonce
|
||||||
if user != nil {
|
if user != nil {
|
||||||
ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`<a href="%s">@%s</a>`, html.EscapeString(user.HomeLink()), html.EscapeString(user.Name))
|
ctx.Data["ApplicationCreatorLinkHTML"] = template.HTML(fmt.Sprintf(`<a href="%s">@%s</a>`, html.EscapeString(user.HomeLink()), html.EscapeString(user.Name)))
|
||||||
} else {
|
} else {
|
||||||
ctx.Data["ApplicationCreatorLinkHTML"] = fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(setting.AppSubURL+"/"), html.EscapeString(setting.AppName))
|
ctx.Data["ApplicationCreatorLinkHTML"] = template.HTML(fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(setting.AppSubURL+"/"), html.EscapeString(setting.AppName)))
|
||||||
}
|
}
|
||||||
ctx.Data["ApplicationRedirectDomainHTML"] = "<strong>" + html.EscapeString(form.RedirectURI) + "</strong>"
|
ctx.Data["ApplicationRedirectDomainHTML"] = template.HTML("<strong>" + html.EscapeString(form.RedirectURI) + "</strong>")
|
||||||
// TODO document SESSION <=> FORM
|
// TODO document SESSION <=> FORM
|
||||||
err = ctx.Session.Set("client_id", app.ClientID)
|
err = ctx.Session.Set("client_id", app.ClientID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in a new issue