Skip to content

Escape commit messages in branch/file feeds and add regression tests#36796

Open
lunny wants to merge 1 commit intogo-gitea:mainfrom
lunny:lunny/fix_feed
Open

Escape commit messages in branch/file feeds and add regression tests#36796
lunny wants to merge 1 commit intogo-gitea:mainfrom
lunny:lunny/fix_feed

Conversation

@lunny
Copy link
Member

@lunny lunny commented Mar 2, 2026

  • Escape branch/file feed commit descriptions and content to prevent HTML injection.
  • Add unit tests for branch/file feed RSS output using a commit message with script tags.
  • Also escape release feed titles (already present in this branch diff).

Generated by a coding agent with Codex 5.2

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 2, 2026
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Mar 2, 2026
wxiaoguang
wxiaoguang requested changes Mar 2, 2026
View reviewed changes
Copy link
Contributor

@wxiaoguang wxiaoguang left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wrong

Details image image

@GiteaBot GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wxiaoguang wxiaoguang wxiaoguang requested changes

Assignees

No one assigned

Labels

backport/v1.25 lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged modifies/go Pull requests that update Go code type/bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lunny @wxiaoguang @GiteaBot