loading up the forgejo repo on tangled to test page performance
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge pull request 'fix: Don't double escape delete branch text' (#5615) from gusted/forgejo-avoid-double-escape into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5615
Reviewed-by: Otto <otto@codeberg.org>

Gusted b43d9d5a e2354703

+35 -1
+1 -1
templates/repo/issue/view_content/pull.tmpl
··· 214 214 const mergeForm = { 215 215 'baseLink': {{.Link}}, 216 216 'textCancel': {{ctx.Locale.Tr "cancel"}}, 217 - 'textDeleteBranch': {{ctx.Locale.Tr "repo.branch.delete" .HeadTarget}}, 217 + 'textDeleteBranch': {{ctx.Locale.TrString "repo.branch.delete" .HeadTarget}}, 218 218 'textAutoMergeButtonWhenSucceed': {{ctx.Locale.Tr "repo.pulls.auto_merge_button_when_succeed"}}, 219 219 'textAutoMergeWhenSucceed': {{ctx.Locale.Tr "repo.pulls.auto_merge_when_succeed"}}, 220 220 'textAutoMergeCancelSchedule': {{ctx.Locale.Tr "repo.pulls.auto_merge_cancel_schedule"}},
+34
web_src/js/components/PullRequestMergeForm.test.js
··· 1 + // Copyright 2024 The Forgejo Authors. All rights reserved. 2 + // SPDX-License-Identifier: MIT 3 + import {flushPromises, mount} from '@vue/test-utils'; 4 + import PullRequestMergeForm from './PullRequestMergeForm.vue'; 5 + 6 + async function renderMergeForm(branchName) { 7 + window.config.pageData.pullRequestMergeForm = { 8 + textDeleteBranch: `Delete branch "${branchName}"`, 9 + textDoMerge: 'Merge', 10 + defaultMergeStyle: 'merge', 11 + isPullBranchDeletable: true, 12 + canMergeNow: true, 13 + mergeStyles: [{ 14 + 'name': 'merge', 15 + 'allowed': true, 16 + 'textDoMerge': 'Merge', 17 + 'mergeTitleFieldText': 'Merge PR', 18 + 'mergeMessageFieldText': 'Description', 19 + 'hideAutoMerge': 'Hide this message', 20 + }], 21 + }; 22 + const mergeform = mount(PullRequestMergeForm); 23 + mergeform.get('.merge-button').trigger('click'); 24 + await flushPromises(); 25 + return mergeform; 26 + } 27 + 28 + test('renders escaped branch name', async () => { 29 + let mergeform = await renderMergeForm('<b>evil</b>'); 30 + expect(mergeform.get('label[for="delete-branch-after-merge"]').text()).toBe('Delete branch "<b>evil</b>"'); 31 + 32 + mergeform = await renderMergeForm('<script class="evil">alert("evil message");</script>'); 33 + expect(mergeform.get('label[for="delete-branch-after-merge"]').text()).toBe('Delete branch "<script class="evil">alert("evil message");</script>"'); 34 + });