Stop sanitizing full name in API (go-gitea#17396)
The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
PR stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 people authored and Stelios Malathouras committed Mar 28, 2022
1 parent 1774a2a commit fc74cd3
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions modules/convert/user.go
Expand Up @@ -6,7 +6,6 @@ package convert

import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/markup"
api "code.gitea.io/gitea/modules/structs"
)

Expand Down Expand Up @@ -49,7 +48,7 @@ func toUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
ID: user.ID,
UserName: user.Name,
FullName: markup.Sanitize(user.FullName),
FullName: user.FullName,
Email: user.GetEmail(),
AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(),
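
Review bot: At the FullName assignment in toUser, the value now leaves the API exactly as stored, so escaping becomes the responsibility of whatever renders it, and nothing in this hunk documents or tests that contract. Please add a short comment on that line stating that the API returns the raw full name and that consumers escape it on output, and add a test that converts a user whose full name contains characters such as < and & and asserts that FullName in the result equals the input unchanged. That test would also guard against the double escape described in the commit message coming back.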