diff --git a/models/topic.go b/models/topic.go
index 3b1737f8a..5b07305f3 100644
--- a/models/topic.go
+++ b/models/topic.go
@@ -6,6 +6,7 @@ package models
 
 import (
 "fmt"
+ "html/template"
 "strings"
 
 "code.gitea.io/gitea/modules/util"
@@ -95,6 +96,10 @@ func FindTopics(opts *FindTopicOptions) (topics []*Topic, err error) {
 return topics, sess.Desc("topic.repo_count").Find(&topics)
 }
 
+func validTopic(topicName string) string {
+ return strings.TrimSpace(template.HTMLEscapeString(template.JSEscapeString(topicName)))
+}
+
 // SaveTopics save topics to a repository
 func SaveTopics(repoID int64, topicNames ...string) error {
 topics, err := FindTopics(&FindTopicOptions{
@@ -113,7 +118,8 @@ func SaveTopics(repoID int64, topicNames ...string) error {
 
 var addedTopicNames []string
 for _, topicName := range topicNames {
- if strings.TrimSpace(topicName) == "" {
+ topicName = validTopic(topicName)
+ if topicName == "" {
 continue
 }
 
@@ -133,6 +139,11 @@ func SaveTopics(repoID int64, topicNames ...string) error {
 for _, t := range topics {
 var found bool
 for _, topicName := range topicNames {
+ topicName = validTopic(topicName)
+ if topicName == "" {
+ continue
+ }
+
 if strings.EqualFold(topicName, t.Name) {
 found = true
 break
diff --git a/public/js/index.js b/public/js/index.js
index e98a3fe6d..fa5324d1e 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -2301,12 +2301,23 @@ function initNavbarContentToggle() {
 });
 }
 
+function pasteFilter(e) {
+ e.preventDefault();
+ var contentOnBlur = (e.originalEvent || e).clipboardData.getData('text/plain');
+ contentOnBlur = contentOnBlur.replace(/(<([^>]+)>)/ig,'');
+ document.execCommand('insertText', false, contentOnBlur);
+}
+
 function initTopicbar() {
 var mgrBtn = $("#manage_topic")
 var editDiv = $("#topic_edit")
 var viewDiv = $("#repo-topic")
 var saveBtn = $("#save_topic")
 
+ editDiv.on("paste", function(e){
+ pasteFilter(e);
+ });
+
 mgrBtn.click(function() {
 viewDiv.hide();
 editDiv.show();
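Review bot: validTopic escapes the topic name instead of validating it, and since SaveTopics persists the result, the stored Topic.Name is no longer what the user typed and will be escaped a second time by any auto-escaping template that renders it. JSEscapeString also rewrites characters that are legitimate in a topic name (`&` becomes `\u0026`, and if I recall its replacement table correctly `+` becomes `\u002b`), so a name like `c++` changes meaning on save. A more robust shape is to keep the raw name, reject anything outside an allow-list of characters or over a length limit, and leave HTML escaping to the template layer at render time. At minimum the function needs a doc comment that states what it actually returns, e.g. `// validTopic trims topicName and returns it JS- and HTML-escaped; the escaped form is what gets stored, so templates must not escape Topic.Name again.`, and a name such as `sanitizeTopic` would describe it better than `validTopic`.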
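Review bot: validTopic is applied to each element of topicNames here and again inside the nested loop of the following hunk, so the escaping is repeated len(topics) times per name and the two loops only stay consistent as long as both remember to call it. Normalize once before either loop, e.g. `cleaned := make([]string, 0, len(topicNames))`, then `if n := validTopic(raw); n != "" { cleaned = append(cleaned, n) }` per input, and range over `cleaned` in both places; the per-iteration `continue` checks then disappear. SaveTopics begins and ends outside this hunk.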
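Review bot: `strings.EqualFold(topicName, t.Name)` now compares an escaped input against t.Name as read from the database, but rows written before this change hold unescaped names, so any existing topic containing `&`, `<`, `'` or another escaped character will never match and will presumably be treated as removed on the next save. Unless a migration rewrites existing rows, the comparison needs to be done on the same representation on both sides, which is another reason to keep the stored name raw and validate rather than transform it. A short comment on the comparison line recording which form of the name is expected in `t.Name` would help the next reader either way. The rest of SaveTopics, including whatever follows `found`, lies outside this hunk.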
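Review bot: pasteFilter's tag-stripping regex is a convenience for the editable topic field, not a security boundary: it runs only in the browser and only on the paste path, and a regex over `<...>` does not model HTML, so the server-side handling in SaveTopics must remain the authoritative check. A comment on the function should say so, e.g. `// Best-effort cleanup of pasted text for display only; topic names are validated server-side.`. Two smaller points: `e.preventDefault()` runs before `clipboardData` is read, so a browser that does not expose it throws and the paste is silently lost, and `document.execCommand` is deprecated. Consider `var cd = (e.originalEvent || e).clipboardData; if (!cd) { return; }` ahead of the preventDefault call so the browser's default paste still happens when the API is unavailable.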