Commit Graph

12 Commits (371ebce2524f013986401af84732fb27bdbc4f96)

Author SHA1 Message Date
zeripath bbffcc3aec
Multiple Escaping Improvements (#17551)
There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this.
    
This is an extensive PR attempting to fix these issues.

1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping.
2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand.
3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 
4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.)
5. The title generation in feeds is now properly escaped.
6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-16 18:18:25 +00:00
6543 be81dc8b20
Localize Email Templates (#16200)
close #14822
2021-06-23 14:33:21 +02:00
AJ ONeal 6dbd261852 UX + Security current user password reset (#5042)
* allow current user to reset their own password

* handle reset password edge cases properly and consistently

* remove dangling assignment

* properly label account recovery instead of reset password

* remove 'Click here' from button

* update English-only account-recovery templates
2019-04-18 10:23:59 +03:00
mrsdizzie 04003d9dc7 Make distinction between DisplayName and Username in email templates (#6495)
* Make distinction between DisplayName and Username in email templates

Store the actual username in the variable named Username and store the
separate DisplayName in another variable. This allows us to access the
actual username when we need, which currently fails if a user has set a
full name.

Fixes #6161

* Use u.Name directly

No need for extra function, also change use in all mail sending
functions here

* Don't include Username when not used
2019-04-04 10:52:48 +03:00
cezar97 51ba3df5ff Add `noreferrer` to rel='noopener` for <a> tags (#4328) 2018-07-03 19:52:36 -04:00
Michael Kuhn f86af9c280 Mention the possibility of resetting the password for new accounts (#3812)
This solves the problem of administrators creating accounts for users
that then do not know their initial password (without the administrator
sending it to them via some other channel).
2018-04-19 09:08:51 +08:00
Jonas 16732fbfde Removed email copyright year (#1348) 2017-03-21 18:00:39 +08:00
Bwko 5ab85372da Added rel="noopener" to target="_blank" hrefs (#327)
* Added rel="noopener" to target="_blank" hrefs

* Replaced gogs.io/docs with docs.gitea.io
2016-12-02 09:12:16 +08:00
Unknwon f1b8d52eb3 #2854 fix no mail notification when issue is closed/reopened 2016-07-16 00:36:39 +08:00
Adam Strzelecki da2585c11e Indent all templates with tabs
This commit improves templates readability, since all of them use consistent
indent with all template command blocks indented too.

1. Indents both HTML containers such as <div>, <p> and Go HTML template blocks
   such as {{if}} {{with}}

2. Cleans all trailing white-space

3. Adds trailing last line-break to each file
2015-12-08 00:57:46 +01:00
Unknwon d2808e38fe fix #1979 2015-11-18 14:51:38 -05:00
Unknwon 21e13cb51e #1525 Triggere mailer for admin created accounts 2015-09-25 19:45:44 -04:00