Escape HTML

2025-11-10 15:35:59 +01:00 · 2018-05-28 15:42:32 +09:00
parent d064ca85fb
commit c65c3e2c49
1 changed files with 2 additions and 2 deletions
--- a/src/main/scala/gitbucket/core/controller/IndexController.scala
+++ b/src/main/scala/gitbucket/core/controller/IndexController.scala
@@ -9,7 +9,7 @@ import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.SyntaxSugars._
-import gitbucket.core.util.{Keys, LDAPUtil, ReferrerAuthenticator, UsersAuthenticator}
+import gitbucket.core.util._
 import org.scalatra.Ok
 import org.scalatra.forms._

@@ -208,7 +208,7 @@ trait IndexControllerBase extends ControllerBase {
            }
            .map { t =>
              Map(
-                "label" -> s"<b>@${t.userName}</b> ${t.fullName}",
+                "label" -> s"<b>@${StringUtil.escapeHtml(t.userName)}</b> ${StringUtil.escapeHtml(t.fullName)}",
                "value" -> t.userName
              )
            }