Skip to content

Commit

Permalink
Stop sanitizing full name in API (go-gitea#17396)
Browse files Browse the repository at this point in the history 
The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  • Loading branch information
@zeripath @lunny
zeripath and lunny authored Oct 22, 2021
1 parent 23d3692 commit af96286
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions modules/convert/user.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ package convert

import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/markup"
api "code.gitea.io/gitea/modules/structs"
)

Expand Down Expand Up @@ -49,7 +48,7 @@ func toUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
ID: user.ID,
UserName: user.Name,
FullName: markup.Sanitize(user.FullName),
FullName: user.FullName,
Email: user.GetEmail(),
AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(),
Expand Down

0 comments on commit af96286

Please sign in to comment.