Escape search query (Backport 1.4) (#3488)

jonasfranz · lafriks · commit c0675ef6c299 · 2018-02-11T21:25:02.000+02:00
* Escape search query Signed-off-by: Jonas Franz <info@jonasfranz.de> (cherry picked from commit 2970889) * Reordered imports Signed-off-by: Jonas Franz <info@jonasfranz.de>
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
@@ -10,6 +10,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"html"
 	"html/template"
 	"mime"
 	"net/url"
@@ -179,6 +180,7 @@ func NewFuncMap() []template.FuncMap {
 			return dict, nil
 		},
 		"Printf": fmt.Sprintf,
+		"Escape": Escape,
 	}}
 }
 
@@ -197,6 +199,11 @@ func Str2html(raw string) template.HTML {
 	return template.HTML(markup.Sanitize(raw))
 }
 
+// Escape escapes a HTML string
+func Escape(raw string) string {
+	return html.EscapeString(raw)
+}
+
 // List traversings the list
 func List(l *list.List) chan interface{} {
 	e := l.Front()
diff --git a/templates/repo/search.tmpl b/templates/repo/search.tmpl
@@ -14,7 +14,7 @@
 		</div>
 		{{if .Keyword}}
 			<h3>
-				{{.i18n.Tr "repo.search.results" .Keyword .RepoLink .RepoName | Str2html}}
+				{{.i18n.Tr "repo.search.results" (.Keyword|Escape) .RepoLink .RepoName | Str2html }}
 			</h3>
 			<div class="repository search">
 				{{range $result := .SearchResults}}
