More escaping

Signed-off-by: Andrew Thornton <[email protected]>

Author: zeripath

templates/mail/issue/default.tmpl

@@ -36,26 +36,26 @@
 	{{end}}
 	<p>
 		{{if eq .ActionName "close"}}
-			{{.i18n.Tr "mail.issue.action.close" .Doer.Name .Issue.Index | Str2html}}
+			{{.i18n.Tr "mail.issue.action.close" (Escape .Doer.Name) .Issue.Index | Str2html}}
 		{{else if eq .ActionName "reopen"}}
-			{{.i18n.Tr "mail.issue.action.reopen" .Doer.Name .Issue.Index | Str2html}}
+			{{.i18n.Tr "mail.issue.action.reopen" (Escape .Doer.Name) .Issue.Index | Str2html}}
 		{{else if eq .ActionName "merge"}}
-			{{.i18n.Tr "mail.issue.action.merge" .Doer.Name .Issue.Index .Issue.PullRequest.BaseBranch | Str2html}}
+			{{.i18n.Tr "mail.issue.action.merge" (Escape .Doer.Name) .Issue.Index (Escape .Issue.PullRequest.BaseBranch) | Str2html}}
 		{{else if eq .ActionName "approve"}}
-			{{.i18n.Tr "mail.issue.action.approve" .Doer.Name | Str2html}}
+			{{.i18n.Tr "mail.issue.action.approve" (Escape .Doer.Name) | Str2html}}
 		{{else if eq .ActionName "reject"}}
-			{{.i18n.Tr "mail.issue.action.reject" .Doer.Name | Str2html}}
+			{{.i18n.Tr "mail.issue.action.reject" (Escape .Doer.Name) | Str2html}}
 		{{else if eq .ActionName "review"}}
-			{{.i18n.Tr "mail.issue.action.review" .Doer.Name | Str2html}}
+			{{.i18n.Tr "mail.issue.action.review" (Escape .Doer.Name) | Str2html}}
 		{{else if eq .ActionName "review_dismissed"}}
-			{{.i18n.Tr "mail.issue.action.review_dismissed" .Doer.Name .Comment.Review.Reviewer.Name | Str2html}}
+			{{.i18n.Tr "mail.issue.action.review_dismissed" (Escape .Doer.Name) (Escape .Comment.Review.Reviewer.Name) | Str2html}}
 		{{else if eq .ActionName "ready_for_review"}}
-			{{.i18n.Tr "mail.issue.action.ready_for_review" .Doer.Name | Str2html}}
+			{{.i18n.Tr "mail.issue.action.ready_for_review" (Escape .Doer.Name) | Str2html}}
 		{{end}}
 
 		{{- if eq .Body ""}}
 			{{if eq .ActionName "new"}}
-				{{.i18n.Tr "mail.issue.action.new" .Doer.Name .Issue.Index | Str2html}}
+				{{.i18n.Tr "mail.issue.action.new" (Escape .Doer.Name) .Issue.Index | Str2html}}
 			{{end}}
 		{{else}}
 			{{.Body | Str2html}}

templates/repo/create.tmpl

@@ -11,7 +11,7 @@
 					{{template "base/alert" .}}
 
 					{{if not $.DisableMigrations}}
-						<p class="ui center">{{.i18n.Tr "repo.new_repo_helper" (printf "%s%s" AppSubUrl "/repo/migrate") | Safe}}</p>
+						<p class="ui center">{{.i18n.Tr "repo.new_repo_helper" ((printf "%s%s" AppSubUrl "/repo/migrate")|Escape) | Safe}}</p>
 					{{end}}
 
 					{{if not .CanCreateRepo}}

templates/repo/issue/view_content/comments.tmpl

@@ -158,7 +158,7 @@
 			{{if eq .RefAction 3}}</del>{{end}}
 
 			<div class="detail">
-				<span class="text grey"><a href="{{.RefIssueHTMLURL}}"><b>{{.RefIssueTitle | Str2html}}</b> {{.RefIssueIdent | Str2html}}</a></span>
+				<span class="text grey"><a href="{{.RefIssueHTMLURL}}"><b>{{.RefIssueTitle}}</b> {{.RefIssueIdent}}</a></span>
 			</div>
 		</div>
 	{{else if eq .Type 4}}

templates/user/dashboard/feeds.tmpl

@@ -15,7 +15,7 @@
 						{{if eq .GetOpType 1}}
 							{{$.i18n.Tr "action.create_repo" (.GetRepoLink|Escape) (.ShortRepoPath|Escape) | Str2html}}
 						{{else if eq .GetOpType 2}}
-							{{$.i18n.Tr "action.rename_repo" .GetContent (.GetRepoLink|Escape) (.ShortRepoPath|Escape) | Str2html}}
+							{{$.i18n.Tr "action.rename_repo" (.GetContent|Escape) (.GetRepoLink|Escape) (.ShortRepoPath|Escape) | Str2html}}
 						{{else if eq .GetOpType 5}}
 							{{ $branchLink := .GetBranch | PathEscapeSegments | Escape}}
 							{{if .Content}}