From 88cc3addcddad692c71d09d10224736a198eb658 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Sat, 13 Aug 2022 22:58:32 +0100
Subject: [PATCH] Add Ambiguous Character Detection to Description, FullName
 and others

Users can change their description, full-names and others to include
ambiguous and invisible characters which may lead to misleading
information.

This PR adds ambiguous/invisible character detection to these fields.

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 modules/charset/escape.go                     |  26 +++--
 modules/charset/escape_test.go                |   2 +-
 modules/templates/helper.go                   | 102 +++++++++++++++---
 options/locale/locale_en-US.ini               |   3 +
 routers/web/feed/convert.go                   |   2 +-
 routers/web/repo/lfs.go                       |   2 +-
 routers/web/repo/view.go                      |   8 +-
 routers/web/repo/wiki.go                      |   2 +-
 templates/admin/emails/list.tmpl              |   6 +-
 templates/admin/user/list.tmpl                |   4 +-
 templates/base/head_script.tmpl               |   5 +-
 templates/explore/organizations.tmpl          |   2 +-
 templates/explore/users.tmpl                  |   8 +-
 templates/org/home.tmpl                       |   6 +-
 templates/repo/branch/list.tmpl               |   4 +-
 templates/repo/commit_page.tmpl               |  30 +++---
 templates/repo/commits_list.tmpl              |  10 +-
 templates/repo/commits_list_small.tmpl        |   6 +-
 templates/repo/diff/compare.tmpl              |   2 +-
 templates/repo/graph/commits.tmpl             |   8 +-
 templates/repo/issue/view_title.tmpl          |   2 +-
 templates/repo/settings/protected_branch.tmpl |   2 +-
 templates/repo/settings/tags.tmpl             |   2 +-
 templates/repo/view_list.tmpl                 |  16 +--
 templates/user/auth/activate.tmpl             |   8 +-
 templates/user/auth/forgot_passwd.tmpl        |   4 +-
 templates/user/dashboard/feeds.tmpl           |   2 +-
 templates/user/profile.tmpl                   |  12 +--
 templates/user/settings/account.tmpl          |   4 +-
 templates/user/settings/keys_gpg.tmpl         |   4 +-
 templates/user/settings/profile.tmpl          |   4 +-
 web_src/js/features/repo-unicode-escape.js    |  28 +++--
 web_src/js/features/tribute.js                |   4 +-
 web_src/less/_base.less                       |  32 +++++-
 web_src/less/_repository.less                 |  22 ----
 web_src/less/_review.less                     |   7 --
 36 files changed, 247 insertions(+), 144 deletions(-)

diff --git a/modules/charset/escape.go b/modules/charset/escape.go
index b264a569ff5ed..d92a34ed29fa7 100644
--- a/modules/charset/escape.go
+++ b/modules/charset/escape.go
@@ -22,18 +22,12 @@ const RuneNBSP = 0xa0
 // EscapeControlHTML escapes the unicode control sequences in a provided html document
 func EscapeControlHTML(text string, locale translation.Locale, allowed ...rune) (escaped *EscapeStatus, output string) {
 	sb := &strings.Builder{}
-	outputStream := &HTMLStreamerWriter{Writer: sb}
-	streamer := NewEscapeStreamer(locale, outputStream, allowed...).(*escapeStreamer)
-
-	if err := StreamHTML(strings.NewReader(text), streamer); err != nil {
-		streamer.escaped.HasError = true
-		log.Error("Error whilst escaping: %v", err)
-	}
-	return streamer.escaped, sb.String()
+	escaped, _ = EscapeControlHTMLReader(strings.NewReader(text), sb, locale, allowed...)
+	return escaped, sb.String()
 }
 
-// EscapeControlReaders escapes the unicode control sequences in a provider reader and writer in a locale and returns the findings as an EscapeStatus and the escaped []byte
-func EscapeControlReader(reader io.Reader, writer io.Writer, locale translation.Locale, allowed ...rune) (escaped *EscapeStatus, err error) {
+// EscapeControlHTMLReader escapes the unicode control sequences in a provided reader of an HTML document and writer in a locale and returns the findings as an EscapeStatus
+func EscapeControlHTMLReader(reader io.Reader, writer io.Writer, locale translation.Locale, allowed ...rune) (escaped *EscapeStatus, err error) {
 	outputStream := &HTMLStreamerWriter{Writer: writer}
 	streamer := NewEscapeStreamer(locale, outputStream, allowed...).(*escapeStreamer)
 
@@ -56,3 +50,15 @@ func EscapeControlString(text string, locale translation.Locale, allowed ...rune
 	}
 	return streamer.escaped, sb.String()
 }
+
+// EscapeControlStringWriter escapes the unicode control sequences in a string and provided writer in a locale and returns the findings as an EscapeStatus
+func EscapeControlStringWriter(text string, writer io.Writer, locale translation.Locale, allowed ...rune) (escaped *EscapeStatus, err error) {
+	outputStream := &HTMLStreamerWriter{Writer: writer}
+	streamer := NewEscapeStreamer(locale, outputStream, allowed...).(*escapeStreamer)
+
+	if err = streamer.Text(text); err != nil {
+		streamer.escaped.HasError = true
+		log.Error("Error whilst escaping: %v", err)
+	}
+	return streamer.escaped, err
+}
diff --git a/modules/charset/escape_test.go b/modules/charset/escape_test.go
index 8063e115424cb..0a84416fd6e70 100644
--- a/modules/charset/escape_test.go
+++ b/modules/charset/escape_test.go
@@ -173,7 +173,7 @@ func TestEscapeControlReader(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			input := strings.NewReader(tt.text)
 			output := &strings.Builder{}
-			status, err := EscapeControlReader(input, output, translation.NewLocale("en_US"))
+			status, err := EscapeControlHTMLReader(input, output, translation.NewLocale("en_US"))
 			result := output.String()
 			if err != nil {
 				t.Errorf("EscapeControlReader(): err = %v", err)
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 602afec4135fc..7b065eb3bcdfe 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -31,6 +31,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/emoji"
 	"code.gitea.io/gitea/modules/git"
 	giturl "code.gitea.io/gitea/modules/git/url"
@@ -42,6 +43,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/svg"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/gitdiff"
 
@@ -343,12 +345,15 @@ func NewFuncMap() []template.FuncMap {
 			}
 			return false
 		},
-		"svg":            SVG,
-		"avatar":         Avatar,
-		"avatarHTML":     AvatarHTML,
-		"avatarByAction": AvatarByAction,
-		"avatarByEmail":  AvatarByEmail,
-		"repoAvatar":     RepoAvatar,
+		"svg":                 SVG,
+		"avatar":              Avatar,
+		"avatarHTML":          AvatarHTML,
+		"avatarByAction":      AvatarByAction,
+		"avatarByEmail":       AvatarByEmail,
+		"escapeAmbiguous":     EscapeAmbiguous,
+		"escapeAmbiguousHTML": EscapeAmbiguousHTML,
+		"escapeAmbiguousLink": EscapeAmbiguousLink,
+		"repoAvatar":          RepoAvatar,
 		"SortArrow": func(normSort, revSort, urlSort string, isDefault bool) template.HTML {
 			// if needed
 			if len(normSort) == 0 || len(urlSort) == 0 {
@@ -680,6 +685,67 @@ func AvatarByEmail(email, name string, others ...interface{}) template.HTML {
 	return template.HTML("")
 }
 
+// EscapeAmbiguous
+func EscapeAmbiguous(locale translation.Locale, text string) template.HTML {
+	sb := &strings.Builder{}
+	status, _ := charset.EscapeControlStringWriter(text, sb, locale)
+	escapeStatusSwitch(locale, sb, status)
+
+	return template.HTML(sb.String())
+}
+
+// EscapeAmbiguousHTML
+func EscapeAmbiguousHTML(locale translation.Locale, html string) template.HTML {
+	sb := &strings.Builder{}
+	status, _ := charset.EscapeControlHTMLReader(strings.NewReader(html), sb, locale)
+	escapeStatusSwitch(locale, sb, status)
+	return template.HTML(sb.String())
+}
+
+// EscapeAmbiguousLink takes a locale, text body - which is assumed to be a string not html, href and other attributes
+func EscapeAmbiguousLink(locale translation.Locale, text, href string, attrs ...string) template.HTML {
+	sb := &strings.Builder{}
+	_, _ = sb.WriteString(`<a href="`)
+	template.HTMLEscape(sb, []byte(href))
+	_, _ = sb.WriteString(`"`)
+	attrValue := false
+	for _, attr := range attrs {
+		if attrValue {
+			_, _ = sb.WriteString(`="`)
+		} else {
+			_, _ = sb.WriteString(` `)
+		}
+		template.HTMLEscape(sb, []byte(attr))
+		if attrValue {
+			_, _ = sb.WriteString(`"`)
+		}
+		attrValue = !attrValue
+	}
+	_, _ = sb.WriteString(`>`)
+	status, _ := charset.EscapeControlStringWriter(text, sb, locale)
+	_, _ = sb.WriteString(`</a>`)
+
+	escapeStatusSwitch(locale, sb, status)
+	return template.HTML(sb.String())
+}
+
+func escapeStatusSwitch(locale translation.Locale, sb *strings.Builder, status *charset.EscapeStatus) {
+	if status.Escaped {
+		_, _ = sb.WriteString(`<a href="" class="toggle-escape-button" title="`)
+		if status.HasInvisible {
+			_, _ = sb.WriteString(locale.Tr("invisible_runes"))
+		}
+		if status.HasInvisible && status.HasAmbiguous {
+			_, _ = sb.WriteString(` `)
+		}
+		if status.HasAmbiguous {
+			_, _ = sb.WriteString(locale.Tr("ambiguous_runes"))
+		}
+
+		_, _ = sb.WriteString(`"></a>`)
+	}
+}
+
 // Safe render raw as HTML
 func Safe(raw string) template.HTML {
 	return template.HTML(raw)
@@ -711,13 +777,13 @@ func DotEscape(raw string) string {
 }
 
 // RenderCommitMessage renders commit message with XSS-safe and special links.
-func RenderCommitMessage(ctx context.Context, msg, urlPrefix string, metas map[string]string) template.HTML {
-	return RenderCommitMessageLink(ctx, msg, urlPrefix, "", metas)
+func RenderCommitMessage(ctx context.Context, locale translation.Locale, msg, urlPrefix string, metas map[string]string) template.HTML {
+	return RenderCommitMessageLink(ctx, locale, msg, urlPrefix, "", metas)
 }
 
 // RenderCommitMessageLink renders commit message as a XXS-safe link to the provided
 // default url, handling for special links.
-func RenderCommitMessageLink(ctx context.Context, msg, urlPrefix, urlDefault string, metas map[string]string) template.HTML {
+func RenderCommitMessageLink(ctx context.Context, locale translation.Locale, msg, urlPrefix, urlDefault string, metas map[string]string) template.HTML {
 	cleanMsg := template.HTMLEscapeString(msg)
 	// we can safely assume that it will not return any error, since there
 	// shouldn't be any special HTML.
@@ -731,16 +797,17 @@ func RenderCommitMessageLink(ctx context.Context, msg, urlPrefix, urlDefault str
 		log.Error("RenderCommitMessage: %v", err)
 		return ""
 	}
-	msgLines := strings.Split(strings.TrimSpace(fullMessage), "\n")
+	msgLines := strings.SplitN(strings.TrimSpace(fullMessage), "\n", 2)
 	if len(msgLines) == 0 {
 		return template.HTML("")
 	}
-	return template.HTML(msgLines[0])
+	_, renderedMessage := charset.EscapeControlHTML(msgLines[0], locale)
+	return template.HTML(renderedMessage)
 }
 
 // RenderCommitMessageLinkSubject renders commit message as a XXS-safe link to
 // the provided default url, handling for special links without email to links.
-func RenderCommitMessageLinkSubject(ctx context.Context, msg, urlPrefix, urlDefault string, metas map[string]string) template.HTML {
+func RenderCommitMessageLinkSubject(ctx context.Context, locale translation.Locale, msg, urlPrefix, urlDefault string, metas map[string]string) template.HTML {
 	msgLine := strings.TrimLeftFunc(msg, unicode.IsSpace)
 	lineEnd := strings.IndexByte(msgLine, '\n')
 	if lineEnd > 0 {
@@ -763,11 +830,12 @@ func RenderCommitMessageLinkSubject(ctx context.Context, msg, urlPrefix, urlDefa
 		log.Error("RenderCommitMessageSubject: %v", err)
 		return template.HTML("")
 	}
+	_, renderedMessage = charset.EscapeControlHTML(renderedMessage, locale)
 	return template.HTML(renderedMessage)
 }
 
 // RenderCommitBody extracts the body of a commit message without its title.
-func RenderCommitBody(ctx context.Context, msg, urlPrefix string, metas map[string]string) template.HTML {
+func RenderCommitBody(ctx context.Context, locale translation.Locale, msg, urlPrefix string, metas map[string]string) template.HTML {
 	msgLine := strings.TrimRightFunc(msg, unicode.IsSpace)
 	lineEnd := strings.IndexByte(msgLine, '\n')
 	if lineEnd > 0 {
@@ -789,11 +857,12 @@ func RenderCommitBody(ctx context.Context, msg, urlPrefix string, metas map[stri
 		log.Error("RenderCommitMessage: %v", err)
 		return ""
 	}
+	_, renderedMessage = charset.EscapeControlHTML(renderedMessage, locale)
 	return template.HTML(renderedMessage)
 }
 
 // RenderIssueTitle renders issue/pull title with defined post processors
-func RenderIssueTitle(ctx context.Context, text, urlPrefix string, metas map[string]string) template.HTML {
+func RenderIssueTitle(ctx context.Context, locale translation.Locale, text, urlPrefix string, metas map[string]string) template.HTML {
 	renderedText, err := markup.RenderIssueTitle(&markup.RenderContext{
 		Ctx:       ctx,
 		URLPrefix: urlPrefix,
@@ -803,6 +872,7 @@ func RenderIssueTitle(ctx context.Context, text, urlPrefix string, metas map[str
 		log.Error("RenderIssueTitle: %v", err)
 		return template.HTML("")
 	}
+	_, renderedText = charset.EscapeControlHTML(renderedText, locale)
 	return template.HTML(renderedText)
 }
 
@@ -830,7 +900,7 @@ func ReactionToEmoji(reaction string) template.HTML {
 }
 
 // RenderNote renders the contents of a git-notes file as a commit message.
-func RenderNote(ctx context.Context, msg, urlPrefix string, metas map[string]string) template.HTML {
+func RenderNote(ctx context.Context, locale translation.Locale, msg, urlPrefix string, metas map[string]string) template.HTML {
 	cleanMsg := template.HTMLEscapeString(msg)
 	fullMessage, err := markup.RenderCommitMessage(&markup.RenderContext{
 		Ctx:       ctx,
@@ -841,6 +911,8 @@ func RenderNote(ctx context.Context, msg, urlPrefix string, metas map[string]str
 		log.Error("RenderNote: %v", err)
 		return ""
 	}
+	_, fullMessage = charset.EscapeControlHTML(fullMessage, locale)
+
 	return template.HTML(fullMessage)
 }
 
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 0e309279d29b6..58330361ca6e0 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -106,6 +106,9 @@ never = Never
 
 rss_feed = RSS Feed
 
+invisible_runes = `This field has invisible unicode characters`
+ambiguous_runes = `This field has ambiguous unicode characters`
+
 [error]
 occurred = An error occurred
 report_message = If you are sure this is a Gitea bug, please search for issues on <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> or open a new issue if necessary.
diff --git a/routers/web/feed/convert.go b/routers/web/feed/convert.go
index 978469d1259d0..353f5daf6ca1a 100644
--- a/routers/web/feed/convert.go
+++ b/routers/web/feed/convert.go
@@ -202,7 +202,7 @@ func feedActionsToFeedItems(ctx *context.Context, actions models.ActionList) (it
 					desc += fmt.Sprintf("<a href=\"%s\">%s</a>\n%s",
 						html.EscapeString(fmt.Sprintf("%s/commit/%s", act.GetRepoLink(), commit.Sha1)),
 						commit.Sha1,
-						templates.RenderCommitMessage(ctx, commit.Message, repoLink, nil),
+						templates.RenderCommitMessage(ctx, ctx.Locale, commit.Message, repoLink, nil),
 					)
 				}
 
diff --git a/routers/web/repo/lfs.go b/routers/web/repo/lfs.go
index baec48bfea770..25462319e469b 100644
--- a/routers/web/repo/lfs.go
+++ b/routers/web/repo/lfs.go
@@ -309,7 +309,7 @@ func LFSFileGet(ctx *context.Context) {
 
 		// Building code view blocks with line number on server side.
 		escapedContent := &bytes.Buffer{}
-		ctx.Data["EscapeStatus"], _ = charset.EscapeControlReader(rd, escapedContent, ctx.Locale)
+		ctx.Data["EscapeStatus"], _ = charset.EscapeControlHTMLReader(rd, escapedContent, ctx.Locale)
 
 		var output bytes.Buffer
 		lines := strings.Split(escapedContent.String(), "\n")
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 72ffda7e01476..fe0f633941237 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -339,7 +339,7 @@ func renderReadmeFile(ctx *context.Context, readmeFile *namedBlob, readmeTreelin
 		if err != nil {
 			log.Error("Render failed for %s in %-v: %v Falling back to rendering source", readmeFile.name, ctx.Repo.Repository, err)
 			buf := &bytes.Buffer{}
-			ctx.Data["EscapeStatus"], _ = charset.EscapeControlReader(rd, buf, ctx.Locale)
+			ctx.Data["EscapeStatus"], _ = charset.EscapeControlHTMLReader(rd, buf, ctx.Locale)
 			ctx.Data["FileContent"] = strings.ReplaceAll(
 				gotemplate.HTMLEscapeString(buf.String()), "\n", `<br>`,
 			)
@@ -347,7 +347,7 @@ func renderReadmeFile(ctx *context.Context, readmeFile *namedBlob, readmeTreelin
 	} else {
 		ctx.Data["IsRenderedHTML"] = true
 		buf := &bytes.Buffer{}
-		ctx.Data["EscapeStatus"], err = charset.EscapeControlReader(rd, &charset.BreakWriter{Writer: buf}, ctx.Locale, charset.RuneNBSP)
+		ctx.Data["EscapeStatus"], err = charset.EscapeControlHTMLReader(rd, &charset.BreakWriter{Writer: buf}, ctx.Locale, charset.RuneNBSP)
 		if err != nil {
 			log.Error("Read failed: %v", err)
 		}
@@ -517,7 +517,7 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st
 			buf := &bytes.Buffer{}
 			ctx.Data["IsRenderedHTML"] = true
 
-			ctx.Data["EscapeStatus"], _ = charset.EscapeControlReader(rd, buf, ctx.Locale)
+			ctx.Data["EscapeStatus"], _ = charset.EscapeControlHTMLReader(rd, buf, ctx.Locale)
 
 			ctx.Data["FileContent"] = strings.ReplaceAll(
 				gotemplate.HTMLEscapeString(buf.String()), "\n", `<br>`,
@@ -644,7 +644,7 @@ func markupRender(ctx *context.Context, renderCtx *markup.RenderContext, input i
 	go func() {
 		sb := &strings.Builder{}
 		// We allow NBSP here this is rendered
-		escaped, _ = charset.EscapeControlReader(markupRd, sb, ctx.Locale, charset.RuneNBSP)
+		escaped, _ = charset.EscapeControlHTMLReader(markupRd, sb, ctx.Locale, charset.RuneNBSP)
 		output = sb.String()
 		close(done)
 	}()
diff --git a/routers/web/repo/wiki.go b/routers/web/repo/wiki.go
index 4cd5856ea647e..494e95f44888a 100644
--- a/routers/web/repo/wiki.go
+++ b/routers/web/repo/wiki.go
@@ -247,7 +247,7 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
 		done := make(chan struct{})
 		go func() {
 			// We allow NBSP here this is rendered
-			escaped, _ = charset.EscapeControlReader(markupRd, buf, ctx.Locale, charset.RuneNBSP)
+			escaped, _ = charset.EscapeControlHTMLReader(markupRd, buf, ctx.Locale, charset.RuneNBSP)
 			output = buf.String()
 			buf.Reset()
 			close(done)
diff --git a/templates/admin/emails/list.tmpl b/templates/admin/emails/list.tmpl
index adf5b9bef7b6f..095b9e28a0285 100644
--- a/templates/admin/emails/list.tmpl
+++ b/templates/admin/emails/list.tmpl
@@ -29,7 +29,7 @@
 				</div>
 			</form>
 		</div>
-		<div class="ui attached table segment">
+		<div class="ui attached table segment unicode-escaped">
 			<table class="ui very basic striped table unstackable">
 				<thead>
 					<tr>
@@ -50,8 +50,8 @@
 					{{range .Emails}}
 						<tr>
 							<td><a href="{{AppSubUrl}}/{{.Name | PathEscape}}">{{.Name}}</a></td>
-							<td><span class="text truncate">{{.FullName}}</span></td>
-							<td><span class="text email">{{.Email}}</span></td>
+							<td><span class="text truncate">{{escapeAmbiguous $.locale .FullName}}</span></td>
+							<td><span class="text email">{{escapeAmbiguous $.locale .Email}}</span></td>
 							<td>{{if .IsPrimary}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</td>
 							<td>
 								{{if .CanChange}}
diff --git a/templates/admin/user/list.tmpl b/templates/admin/user/list.tmpl
index 061e66385021d..c3f2377678d59 100644
--- a/templates/admin/user/list.tmpl
+++ b/templates/admin/user/list.tmpl
@@ -60,7 +60,7 @@
 				</div>
 			</form>
 		</div>
-		<div class="ui attached table segment">
+		<div class="ui attached table segment unicode-escaped">
 			<table class="ui very basic striped table unstackable">
 				<thead>
 					<tr>
@@ -88,7 +88,7 @@
 						<tr>
 							<td>{{.ID}}</td>
 							<td><a href="{{.HomeLink}}">{{.Name}}</a></td>
-							<td><span class="text truncate email">{{.Email}}</span></td>
+							<td><span class="text truncate email">{{escapeAmbiguous $.locale .Email}}</span></td>
 							<td>{{if .IsActive}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</td>
 							<td>{{if .IsAdmin}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</td>
 							<td>{{if .IsRestricted}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</td>
diff --git a/templates/base/head_script.tmpl b/templates/base/head_script.tmpl
index 48a3df693a39b..c5e2c11dea69f 100644
--- a/templates/base/head_script.tmpl
+++ b/templates/base/head_script.tmpl
@@ -19,14 +19,15 @@ If you introduce mistakes in it, Gitea JavaScript code wouldn't run correctly.
 		notificationSettings: {{NotificationSettings}}, {{/*a map provided by NewFuncMap in helper.go*/}}
 		enableTimeTracking: {{EnableTimetracking}},
 		{{if .RequireTribute}}
+		{{- /* WARNING: fullname below is assumed to be safe for HTML in tribute.js do not add unescaped content as fullname */}}
 		tributeValues: Array.from(new Map([
 			{{ range .Participants }}
 			['{{.Name}}', {key: '{{.Name}} {{.FullName}}', value: '{{.Name}}',
-			name: '{{.Name}}', fullname: '{{.FullName}}', avatar: '{{.AvatarLink}}'}],
+			name: '{{.Name}}', fullname: '{{escapeAmbiguous $.locale .FullName}}', avatar: '{{.AvatarLink}}'}],
 			{{ end }}
 			{{ range .Assignees }}
 			['{{.Name}}', {key: '{{.Name}} {{.FullName}}', value: '{{.Name}}',
-			name: '{{.Name}}', fullname: '{{.FullName}}', avatar: '{{.AvatarLink}}'}],
+			name: '{{.Name}}', fullname: '{{escapeAmbiguous $.locale .FullName}}', avatar: '{{.AvatarLink}}'}],
 			{{ end }}
 			{{ range .MentionableTeams }}
 				['{{$.MentionableTeamsOrg}}/{{.Name}}', {key: '{{$.MentionableTeamsOrg}}/{{.Name}}', value: '{{$.MentionableTeamsOrg}}/{{.Name}}',
diff --git a/templates/explore/organizations.tmpl b/templates/explore/organizations.tmpl
index 2073b8c69c697..230392f962545 100644
--- a/templates/explore/organizations.tmpl
+++ b/templates/explore/organizations.tmpl
@@ -10,7 +10,7 @@
 					{{avatar .}}
 					<div class="content">
 						<span class="header">
-							<a href="{{.HomeLink}}">{{.Name}}</a> {{.FullName}}
+							<a href="{{.HomeLink}}">{{.Name}}</a> {{escapeAmbiguous $.locale .FullName}}
 							{{if .Visibility.IsPrivate}}
 								<span class="ui basic label">{{$.locale.Tr "repo.desc.private"}}</span>
 							{{end}}
diff --git a/templates/explore/users.tmpl b/templates/explore/users.tmpl
index 94a21d9959583..b211884af3235 100644
--- a/templates/explore/users.tmpl
+++ b/templates/explore/users.tmpl
@@ -4,19 +4,19 @@
 	<div class="ui container">
 		{{template "explore/search" .}}
 
-		<div class="ui user list">
+		<div class="ui user list unicode-escaped">
 			{{range .Users}}
 				<div class="item">
 					{{avatar .}}
 					<div class="content">
-						<span class="header"><a href="{{.HomeLink}}">{{.Name}}</a> {{.FullName}}</span>
+						<span class="header"><a href="{{.HomeLink}}">{{.Name}}</a> {{escapeAmbiguous $.locale .FullName}}</span>
 						<div class="description">
 							{{if .Location}}
-								{{svg "octicon-location"}} {{.Location}}
+								{{svg "octicon-location"}} {{escapeAmbiguous $.locale .Location}}
 							{{end}}
 							{{if and $.ShowUserEmail .Email $.IsSigned (not .KeepEmailPrivate)}}
 								{{svg "octicon-mail"}}
-								<a href="mailto:{{.Email}}" rel="nofollow">{{.Email}}</a>
+								{{escapeAmbiguousLink $.locale .Email (printf "mailto:%s" .Email)}}
 							{{end}}
 							{{svg "octicon-clock"}} {{$.locale.Tr "user.join_on"}} {{.CreatedUnix.FormatShort}}
 						</div>
diff --git a/templates/org/home.tmpl b/templates/org/home.tmpl
index 3ff86259d53f2..2233f633ad8fe 100644
--- a/templates/org/home.tmpl
+++ b/templates/org/home.tmpl
@@ -2,7 +2,7 @@
 <div class="page-content organization profile">
 	<div class="ui container df">
 		{{avatar .Org 140 "org-avatar"}}
-		<div id="org-info">
+		<div id="org-info unicode-escaped">
 			<div class="ui header">
 				{{.Org.DisplayName}}
 				<a href="{{.Org.HomeLink}}.rss"><i class="ui grey icon tooltip ml-3" data-content="{{.locale.Tr "rss_feed"}}" data-position="top center">{{svg "octicon-rss" 36}}</i></a>
@@ -11,10 +11,10 @@
 					{{if .Org.Visibility.IsPrivate}}<div class="ui large basic horizontal label">{{.locale.Tr "org.settings.visibility.private_shortname"}}</div>{{end}}
 				</span>
 			</div>
-			{{if $.RenderedDescription}}<p class="render-content markup">{{$.RenderedDescription|Str2html}}</p>{{end}}
+			{{if $.RenderedDescription}}<p class="render-content markup">{{escapeAmbiguousHTML .locale $.RenderedDescription}}</p>{{end}}
 			<div class="text grey meta">
 				{{if .Org.Location}}<div class="item">{{svg "octicon-location"}} <span>{{.Org.Location}}</span></div>{{end}}
-				{{if .Org.Website}}<div class="item">{{svg "octicon-link"}} <a target="_blank" rel="noopener noreferrer" href="{{.Org.Website}}">{{.Org.Website}}</a></div>{{end}}
+				{{if .Org.Website}}<div class="item">{{svg "octicon-link"}} {{escapeAmbiguousLink .locale .Org.Website .Org.Website "target" "_blank" "rel" "nopener noreferrer"}}</div>{{end}}
 			</div>
 		</div>
 	</div>
diff --git a/templates/repo/branch/list.tmpl b/templates/repo/branch/list.tmpl
index 09799fbece577..cd9758c0d5290 100644
--- a/templates/repo/branch/list.tmpl
+++ b/templates/repo/branch/list.tmpl
@@ -18,7 +18,7 @@
 									{{svg "octicon-shield-lock"}}
 								{{end}}
 								<a href="{{.RepoLink}}/src/branch/{{PathEscapeSegments .DefaultBranch}}">{{.DefaultBranch}}</a>
-								<p class="info df ac my-2">{{svg "octicon-git-commit" 16 "mr-2"}}<a href="{{.RepoLink}}/commit/{{PathEscape .DefaultBranchBranch.Commit.ID.String}}">{{ShortSha .DefaultBranchBranch.Commit.ID.String}}</a> · <span class="commit-message">{{RenderCommitMessage $.Context .DefaultBranchBranch.Commit.CommitMessage .RepoLink .Repository.ComposeMetas}}</span> · {{.locale.Tr "org.repo_updated"}} {{TimeSince .DefaultBranchBranch.Commit.Committer.When .locale}}</p>
+								<p class="info df ac my-2">{{svg "octicon-git-commit" 16 "mr-2"}}<a href="{{.RepoLink}}/commit/{{PathEscape .DefaultBranchBranch.Commit.ID.String}}">{{ShortSha .DefaultBranchBranch.Commit.ID.String}}</a> · <span class="commit-message">{{RenderCommitMessage $.Context $.locale .DefaultBranchBranch.Commit.CommitMessage .RepoLink .Repository.ComposeMetas}}</span> · {{.locale.Tr "org.repo_updated"}} {{TimeSince .DefaultBranchBranch.Commit.Committer.When .locale}}</p>
 							</td>
 							<td class="right aligned overflow-visible">
 								{{if and $.IsWriter (not $.Repository.IsArchived) (not .IsDeleted)}}
@@ -61,7 +61,7 @@
 											{{svg "octicon-shield-lock"}}
 										{{end}}
 										<a href="{{$.RepoLink}}/src/branch/{{PathEscapeSegments .Name}}">{{.Name}}</a>
-										<p class="info df ac my-2">{{svg "octicon-git-commit" 16 "mr-2"}}<a href="{{$.RepoLink}}/commit/{{PathEscape .Commit.ID.String}}">{{ShortSha .Commit.ID.String}}</a> · <span class="commit-message">{{RenderCommitMessage $.Context .Commit.CommitMessage $.RepoLink $.Repository.ComposeMetas}}</span> · {{$.locale.Tr "org.repo_updated"}} {{TimeSince .Commit.Committer.When $.locale}}</p>
+										<p class="info df ac my-2">{{svg "octicon-git-commit" 16 "mr-2"}}<a href="{{$.RepoLink}}/commit/{{PathEscape .Commit.ID.String}}">{{ShortSha .Commit.ID.String}}</a> · <span class="commit-message">{{RenderCommitMessage $.Context $.locale .Commit.CommitMessage $.RepoLink $.Repository.ComposeMetas}}</span> · {{$.locale.Tr "org.repo_updated"}} {{TimeSince .Commit.Committer.When $.locale}}</p>
 									{{end}}
 									</td>
 									<td class="three wide ui">
diff --git a/templates/repo/commit_page.tmpl b/templates/repo/commit_page.tmpl
index 4c4f6f5bc8faf..e2acf0716548c 100644
--- a/templates/repo/commit_page.tmpl
+++ b/templates/repo/commit_page.tmpl
@@ -1,5 +1,5 @@
 {{template "base/head" .}}
-<div class="page-content repository diff">
+<div class="page-content repository diff unicode-escaped">
 	{{template "repo/header" .}}
 	<div class="ui container {{if .IsSplitStyle}}fluid padded{{end}}">
 		{{$class := ""}}
@@ -19,7 +19,7 @@
 		{{end}}
 		<div class="ui top attached header clearing segment pr commit-header {{$class}}">
 			<div class="df mb-4 fw">
-				<h3 class="mb-0 f1"><span class="commit-summary" title="{{.Commit.Summary}}">{{RenderCommitMessage $.Context .Commit.Message $.RepoLink $.Repository.ComposeMetas}}</span>{{template "repo/commit_statuses" dict "Status" .CommitStatus "Statuses" .CommitStatuses  "root" $}}</h3>
+				<h3 class="mb-0 f1"><span class="commit-summary" title="{{.Commit.Summary}}">{{RenderCommitMessage $.Context $.locale .Commit.Message $.RepoLink $.Repository.ComposeMetas}}</span>{{template "repo/commit_statuses" dict "Status" .CommitStatus "Statuses" .CommitStatuses  "root" $}}</h3>
 				{{if not $.PageIsWiki}}
 					<div class="ui">
 						<a class="ui primary tiny button" href="{{.SourcePath}}">
@@ -134,13 +134,13 @@
 				{{end}}
 			</div>
 			{{if IsMultilineCommitMessage .Commit.Message}}
-				<pre class="commit-body mt-0">{{RenderCommitBody $.Context .Commit.Message $.RepoLink $.Repository.ComposeMetas}}</pre>
+				<pre class="commit-body mt-0">{{RenderCommitBody $.Context $.locale .Commit.Message $.RepoLink $.Repository.ComposeMetas}}</pre>
 			{{end}}
 			{{if .BranchName}}
-				<span class="text grey mr-3">{{svg "octicon-git-branch" 16 "mr-2"}}{{.BranchName}}</span>
+				<span class="text grey mr-3">{{svg "octicon-git-branch" 16 "mr-2"}}{{escapeAmbiguous $.locale .BranchName}}</span>
 			{{end}}
 			{{if .TagName}}
-				<span class="text grey mr-3">{{svg "octicon-tag" 16 "mr-2"}}{{.TagName}}</span>
+				<span class="text grey mr-3">{{svg "octicon-tag" 16 "mr-2"}}{{escapeAmbiguous $.locale .TagName}}</span>
 			{{end}}
 		</div>
 		<div class="ui attached segment df ac sb py-2 commit-header-row fw {{$class}}">
@@ -148,23 +148,23 @@
 					{{if .Author}}
 						{{avatar .Author 28 "mr-3"}}
 						{{if .Author.FullName}}
-							<a href="{{.Author.HomeLink}}"><strong>{{.Author.FullName}}</strong></a>
+							{{escapeAmbiguousLink $.locale .Author.FullName .Author.HomeLink "class" "strong"}}
 						{{else}}
-							<a href="{{.Author.HomeLink}}"><strong>{{.Commit.Author.Name}}</strong></a>
+							{{escapeAmbiguousLink $.locale .Author.FullName .Commit.Author.Name "class" "strong"}}
 						{{end}}
 					{{else}}
 						{{avatarByEmail .Commit.Author.Email .Commit.Author.Email 28 "mr-3"}}
-						<strong>{{.Commit.Author.Name}}</strong>
+						<strong>{{escapeAmbiguous $.locale .Commit.Author.Name}}</strong>
 					{{end}}
 					<span class="text grey ml-3" id="authored-time">{{TimeSince .Commit.Author.When $.locale}}</span>
 					{{if or (ne .Commit.Committer.Name .Commit.Author.Name) (ne .Commit.Committer.Email .Commit.Author.Email)}}
 						<span class="text grey mx-3">{{.locale.Tr "repo.diff.committed_by"}}</span>
 						{{if ne .Verification.CommittingUser.ID 0}}
 							{{avatar .Verification.CommittingUser 28 "mx-3"}}
-							<a href="{{.Verification.CommittingUser.HomeLink}}"><strong>{{.Commit.Committer.Name}}</strong></a>
+							{{escapeAmbiguousLink $.locale .Verification.CommittingUser.HomeLink .Commit.Committer.Name "class" "strong"}}
 						{{else}}
 							{{avatarByEmail .Commit.Committer.Email .Commit.Committer.Name 28 "mr-3"}}
-							<strong>{{.Commit.Committer.Name}}</strong>
+							<strong>{{escapeAmbiguous $.locale .Commit.Committer.Name}}</strong>
 						{{end}}
 					{{end}}
 				</div>
@@ -206,7 +206,7 @@
 							<span title="{{.locale.Tr "gpg.default_key"}}">{{svg "gitea-lock-cog" 16 "mr-3"}}</span>
 							<span class="ui text mr-3">{{.locale.Tr "repo.commits.signed_by"}}:</span>
 							{{avatarByEmail .Verification.SigningEmail "" 28}}
-							<strong>{{.Verification.SigningUser.GetDisplayName}}</strong>
+							<strong>{{escapeAmbiguous $.locale .Verification.SigningUser.GetDisplayName}}</strong>
 						{{end}}
 					{{else}}
 						{{svg "gitea-unlock" 16 "mr-3"}}
@@ -269,18 +269,18 @@
 				{{if .NoteAuthor}}
 					<a href="{{.NoteAuthor.HomeLink}}">
 						{{if .NoteAuthor.FullName}}
-							<strong>{{.NoteAuthor.FullName}}</strong>
+							<strong>{{escapeAmbiguous $.locale .NoteAuthor.FullName}}</strong>
 						{{else}}
-							<strong>{{.NoteCommit.Author.Name}}</strong>
+							<strong>{{escapeAmbiguous $.locale .NoteCommit.Author.Name}}</strong>
 						{{end}}
 					</a>
 				{{else}}
-					<strong>{{.NoteCommit.Author.Name}}</strong>
+					<strong>{{escapeAmbiguous $.locale .NoteCommit.Author.Name}}</strong>
 				{{end}}
 				<span class="text grey" id="note-authored-time">{{TimeSince .NoteCommit.Author.When $.locale}}</span>
 			</div>
 			<div class="ui bottom attached info segment git-notes">
-				<pre class="commit-body">{{RenderNote $.Context .Note $.RepoLink $.Repository.ComposeMetas}}</pre>
+				<pre class="commit-body">{{RenderNote $.Context $.locale .Note $.RepoLink $.Repository.ComposeMetas}}</pre>
 			</div>
 		{{end}}
 		{{template "repo/diff/box" .}}
diff --git a/templates/repo/commits_list.tmpl b/templates/repo/commits_list.tmpl
index 1003f2ee7489a..f4e4f24a38d4c 100644
--- a/templates/repo/commits_list.tmpl
+++ b/templates/repo/commits_list.tmpl
@@ -1,4 +1,4 @@
-<div class="ui attached table segment commit-table">
+<div class="ui attached table segment commit-table unicode-escaped">
 		<table class="ui very basic striped table unstackable fixed" id="commits-table">
 			<thead>
 				<tr>
@@ -18,10 +18,10 @@
 								{{if .User.FullName}}
 									{{$userName = .User.FullName}}
 								{{end}}
-								{{avatar .User 28 "mr-2"}}<a href="{{.User.HomeLink}}">{{$userName}}</a>
+								{{avatar .User 28 "mr-2"}}{{escapeAmbiguousLink $.locale $userName .User.HomeLink}}
 							{{else}}
 								{{avatarByEmail .Author.Email .Author.Name 28 "mr-2"}}
-								{{$userName}}
+								{{escapeAmbiguous $.locale $userName}}
 							{{end}}
 						</td>
 						<td class="sha df">
@@ -64,7 +64,7 @@
 								<span class="commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{.Summary | RenderEmoji}}</span>
 							{{else }}
 								{{ $commitLink:= printf "%s/commit/%s" $commitRepoLink (PathEscape .ID.String) }}
-								<span class="commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{RenderCommitMessageLinkSubject $.Context .Message $commitRepoLink $commitLink $.Repository.ComposeMetas}}</span>
+								<span class="commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{RenderCommitMessageLinkSubject $.Context $.locale .Message $commitRepoLink $commitLink $.Repository.ComposeMetas}}</span>
 							{{end}}
 							</span>
 							{{if IsMultilineCommitMessage .Message}}
@@ -72,7 +72,7 @@
 							{{end}}
 							{{template "repo/commit_statuses" dict "Status" .Status "Statuses" .Statuses "root" $}}
 							{{if IsMultilineCommitMessage .Message}}
-							<pre class="commit-body" style="display: none;">{{RenderCommitBody $.Context .Message $commitRepoLink $.Repository.ComposeMetas}}</pre>
+							<pre class="commit-body" style="display: none;">{{RenderCommitBody $.Context $.locale .Message $commitRepoLink $.Repository.ComposeMetas}}</pre>
 							{{end}}
 						</td>
 						{{if .Committer}}
diff --git a/templates/repo/commits_list_small.tmpl b/templates/repo/commits_list_small.tmpl
index c1e136318740b..d5a89999b7e1e 100644
--- a/templates/repo/commits_list_small.tmpl
+++ b/templates/repo/commits_list_small.tmpl
@@ -1,5 +1,5 @@
 {{ $index := 0}}
-<div class="timeline-item commits-list">
+<div class="timeline-item commits-list unicode-escaped">
 {{range .comment.Commits}}
 	{{ $tag := printf "%s-%d" $.comment.HashTag $index }}
 	{{ $index = Add $index 1}}
@@ -47,12 +47,12 @@
 		</span>
 
 		{{ $commitLink:= printf "%s/commit/%s" $.comment.Issue.PullRequest.BaseRepo.Link (PathEscape .ID.String) }}
-		<span class="mono commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{RenderCommitMessageLinkSubject $.root.Context .Message ($.comment.Issue.PullRequest.BaseRepo.Link|Escape) $commitLink $.comment.Issue.PullRequest.BaseRepo.ComposeMetas}}</span>
+		<span class="mono commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{RenderCommitMessageLinkSubject $.root.Context $.root.locale .Message ($.comment.Issue.PullRequest.BaseRepo.Link|Escape) $commitLink $.comment.Issue.PullRequest.BaseRepo.ComposeMetas}}</span>
 		{{if IsMultilineCommitMessage .Message}}
 			<button class="ui button ellipsis-button" aria-expanded="false">...</button>
 		{{end}}
 		{{if IsMultilineCommitMessage .Message}}
-			<pre class="commit-body" style="display: none;">{{RenderCommitBody $.root.Context .Message ($.comment.Issue.PullRequest.BaseRepo.Link|Escape) $.comment.Issue.PullRequest.BaseRepo.ComposeMetas}}</pre>
+			<pre class="commit-body" style="display: none;">{{RenderCommitBody $.root.Context $.root.locale .Message ($.comment.Issue.PullRequest.BaseRepo.Link|Escape) $.comment.Issue.PullRequest.BaseRepo.ComposeMetas}}</pre>
 		{{end}}
 	</div>
 {{end}}
diff --git a/templates/repo/diff/compare.tmpl b/templates/repo/diff/compare.tmpl
index 426ea737bda74..95d9e34ba638c 100644
--- a/templates/repo/diff/compare.tmpl
+++ b/templates/repo/diff/compare.tmpl
@@ -191,7 +191,7 @@
 				<div class="twelve wide column issue-title">
 					{{.locale.Tr "repo.pulls.has_pull_request" (Escape $.RepoLink) (Escape $.RepoRelPath) .PullRequest.Index | Safe}}
 					<h1>
-						<span id="issue-title">{{RenderIssueTitle $.Context .PullRequest.Issue.Title $.RepoLink $.Repository.ComposeMetas}}</span>
+						<span id="issue-title unicode-escaped">{{RenderIssueTitle $.Context $.locale .PullRequest.Issue.Title $.RepoLink $.Repository.ComposeMetas}}</span>
 						<span class="index">#{{.PullRequest.Issue.Index}}</span>
 					</h1>
 				</div>
diff --git a/templates/repo/graph/commits.tmpl b/templates/repo/graph/commits.tmpl
index 478121f27ce5a..b35fac4e5a378 100644
--- a/templates/repo/graph/commits.tmpl
+++ b/templates/repo/graph/commits.tmpl
@@ -1,4 +1,4 @@
-<div id="rev-container">
+<div id="rev-container" class="unicode-escaped">
 	<ul id="rev-list">
 		{{ range $commitI, $commit := .Graph.Commits }}
 			<li {{if $commit.Rev}}id="commit-{{$commit.Rev}}"{{end}} data-flow="{{$commit.Flow}}">
@@ -29,7 +29,7 @@
 						</a>
 					</span>
 					<span class="message dib ellipsis mr-2">
-						<span>{{RenderCommitMessage $.Context $commit.Subject $.RepoLink $.Repository.ComposeMetas}}</span>
+						<span>{{RenderCommitMessage $.Context $.locale $commit.Subject $.RepoLink $.Repository.ComposeMetas}}</span>
 					</span>
 					<span class="tags df ac">
 						{{range $commit.Refs}}
@@ -65,10 +65,10 @@
 								{{$userName = $commit.User.FullName}}
 							{{end}}
 							{{avatar $commit.User}}
-							<a href="{{$commit.User.HomeLink}}">{{$userName}}</a>
+							{{escapeAmbiguousLink $.locale $userName $commit.User.HomeLink}}
 						{{else}}
 							{{avatarByEmail $commit.Commit.Author.Email $userName}}
-							{{$userName}}
+							{{escapeAmbiguous $.locale $userName}}
 						{{end}}
 					</span>
 					<span class="time df ac">{{$commit.Date}}</span>
diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
index 456515af33100..57c08971fc78d 100644
--- a/templates/repo/issue/view_title.tmpl
+++ b/templates/repo/issue/view_title.tmpl
@@ -6,7 +6,7 @@
 			</div>
 		{{end}}
 		<h1>
-			<span id="issue-title">{{RenderIssueTitle $.Context .Issue.Title $.RepoLink $.Repository.ComposeMetas}}</span>
+			<span id="issue-title" class="unicode-escaped">{{RenderIssueTitle $.Context $.locale .Issue.Title $.RepoLink $.Repository.ComposeMetas}}</span>
 			<span class="index">#{{.Issue.Index}}</span>
 			<div id="edit-title-input" class="ui input" style="display: none">
 				<input value="{{.Issue.Title}}" maxlength="255" autocomplete="off">
diff --git a/templates/repo/settings/protected_branch.tmpl b/templates/repo/settings/protected_branch.tmpl
index ff93218b20183..37466fd508e0b 100644
--- a/templates/repo/settings/protected_branch.tmpl
+++ b/templates/repo/settings/protected_branch.tmpl
@@ -49,7 +49,7 @@
 									{{range .Users}}
 										<div class="item" data-value="{{.ID}}">
 											{{avatar . 28 "mini"}}
-											{{.GetDisplayName}}
+											{{escapeAmbiguous $.locale .GetDisplayName}}
 										</div>
 									{{end}}
 								</div>
diff --git a/templates/repo/settings/tags.tmpl b/templates/repo/settings/tags.tmpl
index d18061c1158bf..b01c2025ce433 100644
--- a/templates/repo/settings/tags.tmpl
+++ b/templates/repo/settings/tags.tmpl
@@ -37,7 +37,7 @@
 											{{range .Users}}
 												<div class="item" data-value="{{.ID}}">
 													{{avatar . 28 "mini"}}
-													{{.GetDisplayName}}
+													{{escapeAmbiguous $.locale .GetDisplayName}}
 												</div>
 											{{end}}
 										</div>
diff --git a/templates/repo/view_list.tmpl b/templates/repo/view_list.tmpl
index bd26fac24c4d2..d600d5fafd410 100644
--- a/templates/repo/view_list.tmpl
+++ b/templates/repo/view_list.tmpl
@@ -1,4 +1,4 @@
-<table id="repo-files-table" class="ui single line table mt-0" data-last-commit-loader-url="{{.LastCommitLoaderURL}}">
+<table id="repo-files-table" class="ui single line table mt-0 unicode-escaped" data-last-commit-loader-url="{{.LastCommitLoaderURL}}">
 	<thead>
 		<tr class="commit-list">
 			<th colspan="2" {{if not .LatestCommit}}class="notready"{{end}}>
@@ -8,14 +8,16 @@
 					{{if .LatestCommitUser}}
 						{{avatar .LatestCommitUser 24}}
 						{{if .LatestCommitUser.FullName}}
-							<a class="muted" href="{{.LatestCommitUser.HomeLink}}"><strong>{{.LatestCommitUser.FullName}}</strong></a>
+							{{escapeAmbiguousLink $.locale .LatestCommitUser.FullName "class" "muted strong"}}
+						{{else if .LatestCommit.Author}}
+							{{escapeAmbiguousLink $.locale .LatestCommit.Author.Name "class" "muted strong"}}
 						{{else}}
-							<a class="muted" href="{{.LatestCommitUser.HomeLink}}"><strong>{{if .LatestCommit.Author}}{{.LatestCommit.Author.Name}}{{else}}{{.LatestCommitUser.Name}}{{end}}</strong></a>
+							<a class="muted strong" href="{{.LatestCommitUser.HomeLink}}">{{.LatestCommitUser.Name}}</a>
 						{{end}}
 					{{else}}
 						{{if .LatestCommit.Author}}
 							{{avatarByEmail .LatestCommit.Author.Email .LatestCommit.Author.Name 24}}
-							<strong>{{.LatestCommit.Author.Name}}</strong>
+							<strong>{{escapeAmbiguous $.locale .LatestCommit.Author.Name}}</strong>
 						{{end}}
 					{{end}}
 					<a rel="nofollow" class="ui sha label {{if .LatestCommit.Signature}} isSigned {{if .LatestCommitVerification.Verified }} isVerified{{if eq .LatestCommitVerification.TrustStatus "trusted"}}{{else if eq .LatestCommitVerification.TrustStatus "untrusted"}}Untrusted{{else}}Unmatched{{end}}{{else if .LatestCommitVerification.Warning}} isWarning{{end}}{{end}}" href="{{.RepoLink}}/commit/{{PathEscape .LatestCommit.ID.String}}">
@@ -26,10 +28,10 @@
 					</a>
 					{{template "repo/commit_statuses" dict "Status" .LatestCommitStatus "Statuses" .LatestCommitStatuses "root" $}}
 					{{ $commitLink:= printf "%s/commit/%s" .RepoLink (PathEscape .LatestCommit.ID.String) }}
-					<span class="grey commit-summary" title="{{.LatestCommit.Summary}}"><span class="message-wrapper">{{RenderCommitMessageLinkSubject $.Context .LatestCommit.Message $.RepoLink $commitLink $.Repository.ComposeMetas}}</span>
+					<span class="grey commit-summary" title="{{.LatestCommit.Summary}}"><span class="message-wrapper">{{RenderCommitMessageLinkSubject $.Context $.locale .LatestCommit.Message $.RepoLink $commitLink $.Repository.ComposeMetas}}</span>
 						{{if IsMultilineCommitMessage .LatestCommit.Message}}
 							<button class="ui button ellipsis-button" aria-expanded="false">...</button>
-							<pre class="commit-body" style="display: none;">{{RenderCommitBody $.Context .LatestCommit.Message $.RepoLink $.Repository.ComposeMetas}}</pre>
+							<pre class="commit-body" style="display: none;">{{RenderCommitBody $.Context $.locale .LatestCommit.Message $.RepoLink $.Repository.ComposeMetas}}</pre>
 						{{end}}
 					</span>
 				{{end}}
@@ -81,7 +83,7 @@
 					<span class="truncate">
 						{{if $commit}}
 							{{$commitLink := printf "%s/commit/%s" $.RepoLink (PathEscape $commit.ID.String)}}
-							{{RenderCommitMessageLinkSubject $.Context $commit.Message $.RepoLink $commitLink $.Repository.ComposeMetas}}
+							{{RenderCommitMessageLinkSubject $.Context $.locale $commit.Message $.RepoLink $commitLink $.Repository.ComposeMetas}}
 						{{else}}
 							<div class="ui active tiny slow centered inline">…</div>
 						{{end}}
diff --git a/templates/user/auth/activate.tmpl b/templates/user/auth/activate.tmpl
index eba9e3229b211..810ba2fb83865 100644
--- a/templates/user/auth/activate.tmpl
+++ b/templates/user/auth/activate.tmpl
@@ -7,7 +7,7 @@
 				<h2 class="ui top attached header">
 					{{.locale.Tr "auth.active_your_account"}}
 				</h2>
-				<div class="ui attached segment">
+				<div class="ui attached segment unicode-escaped">
 					{{template "base/alert" .}}
 					{{if .IsActivatePage}}
 						{{if .ServiceNotEnabled}}
@@ -15,7 +15,7 @@
 						{{else if .ResendLimited}}
 							<p class="center">{{.locale.Tr "auth.resent_limit_prompt"}}</p>
 						{{else}}
-							<p>{{.locale.Tr "auth.confirmation_mail_sent_prompt" (.SignedUser.Email|Escape) .ActiveCodeLives | Str2html}}</p>
+							<p>{{.locale.Tr "auth.confirmation_mail_sent_prompt" (escapeAmbiguous .locale .SignedUser.Email) .ActiveCodeLives | Str2html}}</p>
 						{{end}}
 					{{else}}
 						{{if .NeedsPassword}}
@@ -29,13 +29,13 @@
 							</div>
 							<input id="code" name="code" type="hidden" value="{{.Code}}">
 						{{else if .IsSendRegisterMail}}
-							<p>{{.locale.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
+							<p>{{.locale.Tr "auth.confirmation_mail_sent_prompt" (escapeAmbiguous .locale .Email) .ActiveCodeLives | Str2html}}</p>
 						{{else if .IsActivateFailed}}
 							<p>{{.locale.Tr "auth.invalid_code"}}</p>
 						{{else if .ManualActivationOnly}}
 							<p class="center">{{.locale.Tr "auth.manual_activation_only"}}</p>
 						{{else}}
-							<p>{{.locale.Tr "auth.has_unconfirmed_mail" (.SignedUser.Name|Escape) (.SignedUser.Email|Escape) | Str2html}}</p>
+							<p>{{.locale.Tr "auth.has_unconfirmed_mail" (escapeAmbiguous .locale .SignedUser.Name) (escapeAmbiguous .locale .SignedUser.Email) | Str2html}}</p>
 							<div class="ui divider"></div>
 							<div class="text right">
 								<button class="ui primary button">{{.locale.Tr "auth.resend_mail"}}</button>
diff --git a/templates/user/auth/forgot_passwd.tmpl b/templates/user/auth/forgot_passwd.tmpl
index cd42085e28335..61dd4b223e6fd 100644
--- a/templates/user/auth/forgot_passwd.tmpl
+++ b/templates/user/auth/forgot_passwd.tmpl
@@ -7,10 +7,10 @@
 				<h2 class="ui top attached header">
 					{{.locale.Tr "auth.forgot_password_title"}}
 				</h2>
-				<div class="ui attached segment">
+				<div class="ui attached segment unicode-escaped">
 					{{template "base/alert" .}}
 					{{if .IsResetSent}}
-						<p>{{.locale.Tr "auth.reset_password_mail_sent_prompt" (Escape .Email) .ResetPwdCodeLives | Str2html}}</p>
+						<p>{{.locale.Tr "auth.reset_password_mail_sent_prompt" (escapeAmbiguous .locale .Email) .ResetPwdCodeLives | Str2html}}</p>
 					{{else if .IsResetRequest}}
 						<div class="required inline field {{if .Err_Email}}error{{end}}">
 							<label for="email">{{.locale.Tr "email"}}</label>
diff --git a/templates/user/dashboard/feeds.tmpl b/templates/user/dashboard/feeds.tmpl
index 95e223925749d..dfe42ccbc3df0 100644
--- a/templates/user/dashboard/feeds.tmpl
+++ b/templates/user/dashboard/feeds.tmpl
@@ -91,7 +91,7 @@
 										{{avatarHTML ($push.AvatarLink .AuthorEmail) 16 "mr-2" .AuthorName}}
 										<a class="commit-id mr-2" href="{{$commitLink}}">{{ShortSha .Sha1}}</a>
 										<span class="text truncate light grey">
-											{{RenderCommitMessage $.Context .Message $repoLink $.ComposeMetas}}
+											{{RenderCommitMessage $.Context $.locale .Message $repoLink $.ComposeMetas}}
 										</span>
 									</li>
 								{{end}}
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
index 2a973c2d5bc04..5c0a36262d394 100644
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@@ -3,7 +3,7 @@
 	<div class="ui container">
 		<div class="ui stackable grid">
 			<div class="ui five wide column">
-				<div class="ui card">
+				<div class="ui card unicode-escaped">
 					<div id="profile-avatar" class="content df"/>
 					{{if eq .SignedUserName .Owner.Name}}
 						<a class="image tooltip" href="{{AppSubUrl}}/user/settings" data-content="{{.locale.Tr "user.change_avatar"}}" data-position="bottom center">
@@ -16,7 +16,7 @@
 					{{end}}
 					</div>
 					<div class="content word-break profile-avatar-name">
-						{{if .Owner.FullName}}<span class="header text center">{{.Owner.FullName}}</span>{{end}}
+						{{if .Owner.FullName}}<span class="header text center">{{escapeAmbiguous .locale .Owner.FullName}}</span>{{end}}
 						<span class="username text center">{{.Owner.Name}}</span>
 						<a href="{{.Owner.HomeLink}}.rss"><i class="ui grey icon tooltip ml-3" data-content="{{.locale.Tr "rss_feed"}}" data-position="bottom center">{{svg "octicon-rss" 18}}</i></a>
 						<div class="mt-3">
@@ -26,23 +26,23 @@
 					<div class="extra content word-break">
 						<ul>
 							{{if .Owner.Location}}
-								<li>{{svg "octicon-location"}} {{.Owner.Location}}</li>
+								<li>{{svg "octicon-location"}} {{escapeAmbiguous .locale .Owner.Location}}</li>
 							{{end}}
 							{{if .ShowUserEmail }}
 								<li>
 									{{svg "octicon-mail"}}
-									<a href="mailto:{{.Owner.Email}}" rel="nofollow">{{.Owner.Email}}</a>
+									{{escapeAmbiguousLink .locale .Owner.Email (printf "mailto:%s" .Owner.Email) "rel" "nofollow"}}
 								</li>
 							{{end}}
 							{{if .Owner.Website}}
 								<li>
 									{{svg "octicon-link"}}
-									<a target="_blank" rel="noopener noreferrer me" href="{{.Owner.Website}}">{{.Owner.Website}}</a>
+									{{escapeAmbiguousLink .locale .Owner.Website .Owner.Website "target" "_blank" "rel" "noopener noreferrer me"}}
 								</li>
 							{{end}}
 							{{if $.RenderedDescription}}
 								<li>
-									<div class="render-content markup">{{$.RenderedDescription|Str2html}}</div>
+									<div class="render-content markup">{{escapeAmbiguousHTML .locale $.RenderedDescription}}</div>
 								</li>
 							{{end}}
 							{{range .OpenIDs}}
diff --git a/templates/user/settings/account.tmpl b/templates/user/settings/account.tmpl
index 53fd25313a832..5f1f231b587c8 100644
--- a/templates/user/settings/account.tmpl
+++ b/templates/user/settings/account.tmpl
@@ -41,7 +41,7 @@
 		<h4 class="ui top attached header">
 			{{.locale.Tr "settings.manage_emails"}}
 		</h4>
-		<div class="ui attached segment">
+		<div class="ui attached segment unicode-escaped">
 			<div class="ui email list">
 				{{if $.EnableNotifyMail}}
 				<div class="item">
@@ -106,7 +106,7 @@
 							</div>
 						{{end}}
 						<div class="content">
-							<strong>{{.Email}}</strong>
+							<strong>{{escapeAmbiguous $.locale .Email}}</strong>
 							{{if .IsPrimary}}
 								<div class="ui primary label">{{$.locale.Tr "settings.primary"}}</div>
 							{{end}}
diff --git a/templates/user/settings/keys_gpg.tmpl b/templates/user/settings/keys_gpg.tmpl
index fbb0da5302837..2046e89175a1a 100644
--- a/templates/user/settings/keys_gpg.tmpl
+++ b/templates/user/settings/keys_gpg.tmpl
@@ -39,7 +39,7 @@
 			</button>
 		</form>
 	</div>
-	<div class="ui key list mt-0">
+	<div class="ui key list mt-0 unicode-escaped">
 		<div class="item">
 			{{.locale.Tr "settings.gpg_desc"}}
 		</div>
@@ -61,7 +61,7 @@
 						<span class="tooltip" data-content="{{$.locale.Tr "settings.gpg_key_verified_long"}}">{{svg "octicon-shield-check"}} <strong>{{$.locale.Tr "settings.gpg_key_verified"}}</strong></span>
 					{{end}}
 					{{if gt (len .Emails) 0}}
-						<span class="tooltip" data-content="{{$.locale.Tr "settings.gpg_key_matched_identities_long"}}">{{svg "octicon-mail"}} {{$.locale.Tr "settings.gpg_key_matched_identities"}} {{range .Emails}}<strong>{{.Email}} </strong>{{end}}</span>
+						<span class="tooltip" data-content="{{$.locale.Tr "settings.gpg_key_matched_identities_long"}}">{{svg "octicon-mail"}} {{$.locale.Tr "settings.gpg_key_matched_identities"}} {{range .Emails}}<strong>{{escapeAmbiguous $.locale .Email}} </strong>{{end}}</span>
 					{{end}}
 					<div class="print meta">
 						<b>{{$.locale.Tr "settings.key_id"}}:</b> {{.KeyID}}
diff --git a/templates/user/settings/profile.tmpl b/templates/user/settings/profile.tmpl
index 87b6e37ed52ae..a353548ca0367 100644
--- a/templates/user/settings/profile.tmpl
+++ b/templates/user/settings/profile.tmpl
@@ -24,9 +24,9 @@
 					<label for="full_name">{{.locale.Tr "settings.full_name"}}</label>
 					<input id="full_name" name="full_name" value="{{.SignedUser.FullName}}">
 				</div>
-				<div class="field {{if .Err_Email}}error{{end}}">
+				<div class="field {{if .Err_Email}}error{{end}} unicode-escaped">
 					<label for="email">{{.locale.Tr "email"}}</label>
-					<p>{{.SignedUser.Email}}</p>
+					<p>{{escapeAmbiguous .locale .SignedUser.Email}}</p>
 				</div>
 				<div class="inline field">
 					<div class="ui checkbox" id="keep-email-private">
diff --git a/web_src/js/features/repo-unicode-escape.js b/web_src/js/features/repo-unicode-escape.js
index f97bcc7ee7ab0..0b04e7635d34c 100644
--- a/web_src/js/features/repo-unicode-escape.js
+++ b/web_src/js/features/repo-unicode-escape.js
@@ -16,15 +16,31 @@ export function initUnicodeEscapeButton() {
   $(document).on('click', 'a.toggle-escape-button', (e) => {
     e.preventDefault();
     const fileContent = $(e.target).parents('.file-content, .non-diff-file-content');
-    const fileView = fileContent.find('.file-code, .file-view');
-    if (fileView.hasClass('unicode-escaped')) {
-      fileView.removeClass('unicode-escaped');
-      fileContent.find('a.unescape-button').hide();
-      fileContent.find('a.escape-button').show();
-    } else {
+    if (fileContent.length) {
+      const fileView = fileContent.find('.file-code, .file-view');
+      if (fileView.hasClass('unicode-escaped')) {
+        fileView.removeClass('unicode-escaped');
+        fileContent.find('a.unescape-button').hide();
+        fileContent.find('a.escape-button').show();
+        return;
+      }
       fileView.addClass('unicode-escaped');
       fileContent.find('a.unescape-button').show();
       fileContent.find('a.escape-button').hide();
+      return;
+    }
+
+    const unicodeEscaped = $(e.target).parents('.unicode-escaped');
+    if (unicodeEscaped.length) {
+      unicodeEscaped.removeClass('unicode-escaped');
+      unicodeEscaped.addClass('not-unicode-escaped');
+      return;
+    }
+
+    const notUnicodeEscaped = $(e.target).parents('.not-unicode-escaped');
+    if (notUnicodeEscaped.length) {
+      notUnicodeEscaped.addClass('unicode-escaped');
+      notUnicodeEscaped.removeClass('not-unicode-escaped');
     }
   });
 }
diff --git a/web_src/js/features/tribute.js b/web_src/js/features/tribute.js
index 5678acdf47e1e..da675b743b48f 100644
--- a/web_src/js/features/tribute.js
+++ b/web_src/js/features/tribute.js
@@ -35,11 +35,13 @@ function makeCollections({mentions, emoji}) {
       values: window.config.tributeValues,
       requireLeadingSpace: true,
       menuItemTemplate: (item) => {
+        // WARNING: item.original.fullname is assumed to be safe for HTML
+        // This is the case head_script.tmpl because we use escapeAmbiguous
         return `
           <div class="tribute-item">
             <img src="${htmlEscape(item.original.avatar)}"/>
             <span class="name">${htmlEscape(item.original.name)}</span>
-            ${item.original.fullname && item.original.fullname !== '' ? `<span class="fullname">${htmlEscape(item.original.fullname)}</span>` : ''}
+            ${item.original.fullname && item.original.fullname !== '' ? `<span class="fullname">${item.original.fullname}</span>` : ''}
           </div>
         `;
       }
diff --git a/web_src/less/_base.less b/web_src/less/_base.less
index 17e9ccfd35bf6..363d4d0a3bf07 100644
--- a/web_src/less/_base.less
+++ b/web_src/less/_base.less
@@ -185,7 +185,8 @@ h2,
 h3,
 h4,
 h5,
-h6 {
+h6,
+.strong {
   font-weight: 600;
 }
 
@@ -2160,6 +2161,35 @@ table th[data-sortt-desc] {
   }
 }
 
+.unicode-escaped .escaped-code-point {
+  &[data-escaped]::before {
+    visibility: visible;
+    content: attr(data-escaped);
+    font-family: var(--fonts-monospace);
+    color: var(--color-red);
+  }
+
+  .char {
+    display: none;
+  }
+}
+
+.broken-code-point {
+  font-family: var(--fonts-monospace);
+  color: var(--color-blue);
+}
+
+.unicode-escaped .ambiguous-code-point {
+  border: 1px var(--color-yellow) solid;
+}
+
+a.toggle-escape-button::before {
+  visibility: visible;
+  content: '⚠️';
+  font-family: var(--fonts-emoji);
+  color: var(--color-red);
+}
+
 @media @mediaSm {
   .ui.stackable.menu:not(.no-vertical-tabs) {
     overflow-y: hidden;
diff --git a/web_src/less/_repository.less b/web_src/less/_repository.less
index 473d6f9dc7dd6..d89070c269d34 100644
--- a/web_src/less/_repository.less
+++ b/web_src/less/_repository.less
@@ -67,28 +67,6 @@
     min-width: 40% !important;
   }
 
-  .unicode-escaped .escaped-code-point {
-    &[data-escaped]::before {
-      visibility: visible;
-      content: attr(data-escaped);
-      font-family: var(--fonts-monospace);
-      color: var(--color-red);
-    }
-
-    .char {
-      display: none;
-    }
-  }
-
-  .broken-code-point {
-    font-family: var(--fonts-monospace);
-    color: var(--color-blue);
-  }
-
-  .unicode-escaped .ambiguous-code-point {
-    border: 1px var(--color-yellow) solid;
-  }
-
   .metas {
     .menu {
       overflow-x: auto;
diff --git a/web_src/less/_review.less b/web_src/less/_review.less
index 2fa8efd67e080..56b1aa0f7a45a 100644
--- a/web_src/less/_review.less
+++ b/web_src/less/_review.less
@@ -16,13 +16,6 @@
   }
 }
 
-.lines-escape a.toggle-escape-button::before {
-  visibility: visible;
-  content: '⚠️';
-  font-family: var(--fonts-emoji);
-  color: var(--color-red);
-}
-
 .repository .diff-file-box .code-diff td.lines-escape {
   padding-left: 0 !important;
 }