diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go
index 0ab6eaf44..35d7da738 100644
--- a/routers/api/v1/user/user.go
+++ b/routers/api/v1/user/user.go
@@ -8,6 +8,7 @@ import (
"strings"
"github.com/Unknwon/com"
+ "github.com/gogits/gogs/pkg/markup"
api "code.gitea.io/sdk/gitea"
@@ -50,7 +51,7 @@ func Search(ctx *context.APIContext) {
ID: users[i].ID,
UserName: users[i].Name,
AvatarURL: users[i].AvatarLink(),
- FullName: users[i].FullName,
+ FullName: markup.Sanitize(users[i].FullName),
}
if ctx.IsSigned {
results[i].Email = users[i].Email
diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl
index 43021ca59..7b7e2cf46 100644
--- a/templates/repo/editor/commit_form.tmpl
+++ b/templates/repo/editor/commit_form.tmpl
@@ -14,7 +14,8 @@
diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
index 3f3b62e65..4650ba4c8 100644
--- a/templates/repo/issue/view_title.tmpl
+++ b/templates/repo/issue/view_title.tmpl
@@ -28,7 +28,7 @@
{{if .Issue.PullRequest.HasMerged}}
{{ $mergedStr:= TimeSince .Issue.PullRequest.Merged $.Lang }}
{{.Issue.PullRequest.Merger.Name}}
- {{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Safe}}
+ {{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}
{{else}}
{{.Issue.Poster.Name}}
{{$.i18n.Tr "repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}}