mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-18 15:21:04 +00:00
ca798e4cc2
It's possible for reviews to not be associated with users, when they were migrated from another forge instance. In the migration code, there's no sanitization check for author names, so they could contain HTML tags and thus need to be properly escaped.
8 lines
186 B
YAML
-
  id: 1000
  type: 1
  issue_id: 2
  original_author: "Otto <script class='evil'>alert('Oh no!')</script>"
  content: "XSS time!"
  updated_unix: 1700000000
  created_unix: 1700000000
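
The check this fixture exists to support, as an added example (not Forgejo's own code): the `original_author` value above is rendered through Go's `html/template` once as a plain string and once wrongly marked as trusted HTML. The `Review` type, the template fragment and the function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// fixtureAuthor is the original_author value from the fixture above.
const fixtureAuthor = "Otto <script class='evil'>alert('Oh no!')</script>"

// Review holds only the fixture field that matters here (hypothetical type).
type Review struct {
	OriginalAuthor string
}

// authorTmpl is a hypothetical fragment; Forgejo's real templates differ.
var authorTmpl = template.Must(template.New("author").Parse(`<span class="author">{{.}}</span>`))

// renderAuthor renders the reviewer name. With trusted=false the name is a
// plain string and html/template escapes it. With trusted=true the name is
// cast to template.HTML, which reproduces the bug class: migrated data is
// emitted as markup without escaping.
func renderAuthor(r Review, trusted bool) (string, error) {
	var name any = r.OriginalAuthor
	if trusted {
		name = template.HTML(r.OriginalAuthor)
	}
	var buf bytes.Buffer
	err := authorTmpl.Execute(&buf, name)
	return buf.String(), err
}

// hasRawTag reports whether the rendered output still contains a live
// <script> tag, which is what a regression test for this fix would reject.
func hasRawTag(out string) bool {
	return strings.Contains(strings.ToLower(out), "<script")
}

func main() {
	r := Review{OriginalAuthor: fixtureAuthor}
	for _, trusted := range []bool{false, true} {
		out, err := renderAuthor(r, trusted)
		if err != nil {
			panic(err)
		}
		fmt.Printf("trusted=%v rawTag=%v\n%s\n", trusted, hasRawTag(out), out)
	}
}
```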