diff --git a/modules/templates/helper.go b/modules/templates/helper.go index c256455399..e844cacd39 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -15,6 +15,7 @@ import ( "strings" "time" + "github.com/microcosm-cc/bluemonday" "golang.org/x/net/html/charset" "golang.org/x/text/transform" "gopkg.in/editorconfig/editorconfig-core-go.v1" @@ -61,6 +62,7 @@ func NewFuncMap() []template.FuncMap { }, "AvatarLink": base.AvatarLink, "Safe": Safe, + "Sanitize": bluemonday.UGCPolicy().Sanitize, "Str2html": Str2html, "TimeSince": base.TimeSince, "RawTimeSince": base.RawTimeSince, diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl index b8b0d2702a..a8f1b508c7 100644 --- a/templates/repo/wiki/view.tmpl +++ b/templates/repo/wiki/view.tmpl @@ -1,6 +1,7 @@ {{template "base/head" .}}
{{template "repo/header" .}} + {{ $title := .title | Sanitize}}
@@ -9,7 +10,7 @@
{{.i18n.Tr "repo.wiki.page"}}: - {{.title}} + {{$title}}
@@ -20,7 +21,7 @@
{{range .Pages}} -
{{.Name}}
+
{{.Name | Sanitize}}
{{end}}
@@ -51,7 +52,7 @@
- {{.title}} + {{$title}} {{if and .IsRepositoryWriter (not .Repository.IsMirror)}}
{{.i18n.Tr "repo.wiki.edit_page_button"}} @@ -76,7 +77,7 @@ {{.i18n.Tr "repo.wiki.delete_page_button"}}
-

{{.i18n.Tr "repo.wiki.delete_page_notice_1" .title | Safe}}

+

{{.i18n.Tr "repo.wiki.delete_page_notice_1" $title | Safe}}

{{template "base/delete_modal_actions" .}}