diff options
author | zeripath | 2019-05-10 21:19:45 +0100 |
---|---|---|
committer | GitHub | 2019-05-10 21:19:45 +0100 |
commit | ebb8fa610c78b426d526d15fd691c3133e68fd8f (patch) | |
tree | 1df6de61aa28352700e62f240b1f3002279282f1 | |
parent | c8fc7fce4a374f59edbd690ad88292c291c0cb4d (diff) |
Escape the commit message on issues update (#6901) (#6902)
-rw-r--r-- | models/action.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/models/action.go b/models/action.go index 2cd3616d6..8a958f546 100644 --- a/models/action.go +++ b/models/action.go @@ -7,6 +7,7 @@ package models import ( "encoding/json" "fmt" + "html" "path" "regexp" "strconv" @@ -532,7 +533,7 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, bra } refMarked[issue.ID] = true - message := fmt.Sprintf(`<a href="%s/commit/%s">%s</a>`, repo.Link(), c.Sha1, c.Message) + message := fmt.Sprintf(`<a href="%s/commit/%s">%s</a>`, repo.Link(), c.Sha1, html.EscapeString(c.Message)) if err = CreateRefComment(doer, repo, issue, message, c.Sha1); err != nil { return err } |