From 09635b6b1292312434ead7216ed0a6ca2e566705 Mon Sep 17 00:00:00 2001
From: jolheiser <john.olheiser@gmail.com>
Date: Wed, 31 Jan 2024 21:43:52 -0600
Subject: [PATCH] [SECURITY] review(kn4ck3r): more template escapes

Signed-off-by: jolheiser <john.olheiser@gmail.com>
(cherry picked from commit 33af1692233c732291b175785e94e2ee022853e4)

Conflicts:
	templates/repo/migrate/migrating.tmpl
	templates/repo/settings/options.tmpl
	trivial context conflict
---
 templates/repo/migrate/migrating.tmpl | 6 +++---
 templates/repo/settings/options.tmpl  | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/repo/migrate/migrating.tmpl b/templates/repo/migrate/migrating.tmpl
index 82ed660d92..98821ea7e1 100644
--- a/templates/repo/migrate/migrating.tmpl
+++ b/templates/repo/migrate/migrating.tmpl
@@ -21,12 +21,12 @@
 					<div class="ui stackable middle very relaxed page grid">
 						<div class="sixteen wide center aligned centered column">
 							<div id="repo_migrating_progress">
-								<p>{{.locale.Tr "repo.migrate.migrating" .CloneAddr | Safe}}</p>
+								<p>{{.locale.Tr "repo.migrate.migrating" (.CloneAddr | Escape) | Safe}}</p>
 								<p id="repo_migrating_progress_message"></p>
 							</div>
 							<div id="repo_migrating_failed" class="gt-hidden">
 								{{if .CloneAddr}}
-									<p>{{.locale.Tr "repo.migrate.migrating_failed" .CloneAddr | Safe}}</p>
+									<p>{{.locale.Tr "repo.migrate.migrating_failed" (.CloneAddr | Escape) | Safe}}</p>
 								{{else}}
 									<p>{{.locale.Tr "repo.migrate.migrating_failed_no_addr" | Safe}}</p>
 								{{end}}
@@ -57,7 +57,7 @@
 	<div class="content">
 		<div class="ui warning message">
 			{{.locale.Tr "repo.settings.delete_notices_1" | Safe}}<br>
-			{{.locale.Tr "repo.settings.delete_notices_2" .Repository.FullName | Safe}}
+			{{.locale.Tr "repo.settings.delete_notices_2" (.Repository.FullName | Escape) | Safe}}
 			{{if .Repository.NumForks}}<br>
 			{{.locale.Tr "repo.settings.delete_notices_fork_1"}}
 			{{end}}
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index a261ce95b5..9ee0dd127c 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -943,7 +943,7 @@
 		<div class="content">
 			<div class="ui warning message">
 				{{.locale.Tr "repo.settings.delete_notices_1" | Safe}}<br>
-				{{.locale.Tr "repo.settings.delete_notices_2" .Repository.FullName | Safe}}
+				{{.locale.Tr "repo.settings.delete_notices_2" (.Repository.FullName | Escape) | Safe}}
 				{{if .Repository.NumForks}}<br>
 				{{.locale.Tr "repo.settings.delete_notices_fork_1"}}
 				{{end}}
@@ -978,7 +978,7 @@
 		<div class="content">
 			<div class="ui warning message">
 				{{.locale.Tr "repo.settings.delete_notices_1" | Safe}}<br>
-				{{.locale.Tr "repo.settings.wiki_delete_notices_1" .Repository.Name | Safe}}
+				{{.locale.Tr "repo.settings.wiki_delete_notices_1" (.Repository.Name | Escape) | Safe}}
 			</div>
 			<form class="ui form" action="{{.Link}}" method="post">
 				{{.CsrfTokenHtml}}