Commit Graph

8 Commits

Author SHA1 Message Date
zeripath
bbffcc3aec
Multiple Escaping Improvements (#17551)
There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this.
    
This is an extensive PR attempting to fix these issues.

1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping.
2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand.
3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 
4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.)
5. The title generation in feeds is now properly escaped.
6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-16 18:18:25 +00:00
WeebDataHoarder
de0986d782
Removes dangling < on emails/list.tmpl (#13970)
This dangling character was leftover from commit c85bb62635 from PR #13860
2020-12-13 10:48:03 +08:00
silverwind
c85bb62635
Replace more icons with SVG, repo search tweaks (#13860)
* Replace more icons with SVG

- Replace remaining icons on admin page with SVG
- Fix vertical menu background on arc-green
- Minor improvments to frontpage repo search
- More icon replacements here and there

* fix integration

* whitespace tweak

* add comment

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-09 14:03:19 -05:00
silverwind
b1cf7f4df1
Add class to page content to unify top margin (#13766)
* Add class to page content to unify top margin

Previously pages would individually set this margin but some didn't so
content would stick to the header without any space. Resolve this by
adding a new class that is added on all pages. The only place where we
remove this margin again is on the pages with menu or wrapper in the
header.

* fix admin notices

* fix team pages

* fix loading segment on gitgraph for arc-green

* fix last missing case

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-30 23:00:14 -05:00
silverwind
2ac112d84e
Comment box tweaks and SVG dropdown triangles (#13376)
* Comment box tweaks and SVG dropdown triangles

- Change all dropdown triangles to SVG
- Bring inline review comment box closer to regular comment boxes
- Enhance arc-green checkbox contrast
- Minor reaction tweaks
- Flexbox the diff file header

* remove a border

* fix type marker in arc-green

* add small code padding

* fix position regression and remove useless rules

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-31 18:15:11 -04:00
6543
c86478ec47
[UI] Sortable Tables Header By Click (#7980)
* [UI] Sortable Tables Header By Click

* get rid of padding above header

* restart CI

* fix lint

* convert getArrow JS to SortArrow go func

* addopt SortArrow funct

* suggestions from @silverwind - tablesort.js

Co-authored-by: silverwind <me@silverwind.io>

* Update web_src/js/features/tablesort.js

Co-authored-by: silverwind <me@silverwind.io>

* Update web_src/js/features/tablesort.js

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
2020-06-24 23:23:05 +01:00
zeripath
aa29f1c2b9
Ensure search action button coalesced to adjacent input (#11385)
Fomantic-ui's action button syntax requires that the button is
the next sibling of the input it is attached to and that they
are both children of a div.action.

Fix #11375

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-05-12 15:08:43 -04:00
guillep2k
5e1438ba92
Admin page for managing user e-mail activation (#10557)
* Implement mail activation admin panel

* Add export comments

* Fix another export comment

* again...

* And again!

* Apply suggestions by @lunny

* Add UI for user activated emails

* Make new activation UI work

* Fix lint

* Prevent admin from self-deactivate; add modal

Co-authored-by: zeripath <art27@cantab.net>
2020-03-02 15:25:36 -03:00