Merge branch 'main' into patch2

Author: NorthRealm

modules/htmlutil/html.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"html/template"
 	"slices"
+	"strings"
 )
 
 // ParseSizeAndClass get size and class from string with default values
@@ -31,6 +32,9 @@ func ParseSizeAndClass(defaultSize int, defaultClass string, others ...any) (int
 }
 
 func HTMLFormat(s template.HTML, rawArgs ...any) template.HTML {
+	if !strings.Contains(string(s), "%") || len(rawArgs) == 0 {
+		panic("HTMLFormat requires one or more arguments")
+	}
 	args := slices.Clone(rawArgs)
 	for i, v := range args {
 		switch v := v.(type) {

modules/markup/markdown/math/block_renderer.go

@@ -51,8 +51,8 @@ func (r *BlockRenderer) writeLines(w util.BufWriter, source []byte, n gast.Node)
 func (r *BlockRenderer) renderBlock(w util.BufWriter, source []byte, node gast.Node, entering bool) (gast.WalkStatus, error) {
 	n := node.(*Block)
 	if entering {
-		code := giteaUtil.Iif(n.Inline, "", `<pre class="code-block is-loading">`) + `<code class="language-math display">`
-		_ = r.renderInternal.FormatWithSafeAttrs(w, template.HTML(code))
+		codeHTML := giteaUtil.Iif[template.HTML](n.Inline, "", `<pre class="code-block is-loading">`) + `<code class="language-math display">`
+		_, _ = w.WriteString(string(r.renderInternal.ProtectSafeAttrs(codeHTML)))
 		r.writeLines(w, source, n)
 	} else {
 		_, _ = w.WriteString(`</code>` + giteaUtil.Iif(n.Inline, "", `</pre>`) + "\n")

modules/markup/markdown/math/inline_renderer.go

@@ -28,7 +28,7 @@ func NewInlineRenderer(renderInternal *internal.RenderInternal) renderer.NodeRen
 
 func (r *InlineRenderer) renderInline(w util.BufWriter, source []byte, n ast.Node, entering bool) (ast.WalkStatus, error) {
 	if entering {
-		_ = r.renderInternal.FormatWithSafeAttrs(w, `<code class="language-math">`)
+		_, _ = w.WriteString(string(r.renderInternal.ProtectSafeAttrs(`<code class="language-math">`)))
 		for c := n.FirstChild(); c != nil; c = c.NextSibling() {
 			segment := c.(*ast.Text).Segment
 			value := util.EscapeHTML(segment.Value(source))

modules/templates/helper.go

@@ -6,7 +6,6 @@ package templates
 
 import (
 	"fmt"
-	"html"
 	"html/template"
 	"net/url"
 	"strconv"
@@ -38,9 +37,7 @@ func NewFuncMap() template.FuncMap {
 		"dict":         dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names.
 		"Iif":          iif,
 		"Eval":         evalTokens,
-		"SafeHTML":     safeHTML,
 		"HTMLFormat":   htmlFormat,
-		"HTMLEscape":   htmlEscape,
 		"QueryEscape":  queryEscape,
 		"QueryBuild":   QueryBuild,
 		"JSEscape":     jsEscapeSafe,
@@ -165,32 +162,11 @@ func NewFuncMap() template.FuncMap {
 	}
 }
 
-// safeHTML render raw as HTML
-func safeHTML(s any) template.HTML {
-	switch v := s.(type) {
-	case string:
-		return template.HTML(v)
-	case template.HTML:
-		return v
-	}
-	panic(fmt.Sprintf("unexpected type %T", s))
-}
-
 // SanitizeHTML sanitizes the input by default sanitization rules.
 func SanitizeHTML(s string) template.HTML {
 	return markup.Sanitize(s)
 }
 
-func htmlEscape(s any) template.HTML {
-	switch v := s.(type) {
-	case string:
-		return template.HTML(html.EscapeString(v))
-	case template.HTML:
-		return v
-	}
-	panic(fmt.Sprintf("unexpected type %T", s))
-}
-
 func htmlFormat(s any, args ...any) template.HTML {
 	if len(args) == 0 {
 		// to prevent developers from calling "HTMLFormat $userInput" by mistake which will lead to XSS

options/locale/locale_cs-CZ.ini

@@ -1368,6 +1368,7 @@ editor.require_signed_commit=Větev vyžaduje podepsaný commit
 editor.cherry_pick=Cherry-pick %s na:
 editor.revert=Vrátit %s na:
 
+
 commits.desc=Procházet historii změn zdrojového kódu.
 commits.commits=Commity
 commits.no_commits=Žádné společné commity. „%s“ a „%s“ mají zcela odlišnou historii.

options/locale/locale_de-DE.ini

@@ -1228,7 +1228,6 @@ migrate.migrating_issues=Issues werden migriert
 migrate.migrating_pulls=Pull Requests werden migriert
 migrate.cancel_migrating_title=Migration abbrechen
 migrate.cancel_migrating_confirm=Möchtest du diese Migration abbrechen?
-migrating_status=Migrationstatus
 
 mirror_from=Mirror von
 forked_from=geforkt von
@@ -1392,6 +1391,7 @@ editor.require_signed_commit=Branch erfordert einen signierten Commit
 editor.cherry_pick=Cherry-Picke %s von:
 editor.revert=%s zurücksetzen auf:
 
+
 commits.desc=Durchsuche die Quellcode-Änderungshistorie.
 commits.commits=Commits
 commits.no_commits=Keine gemeinsamen Commits. "%s" und "%s" haben vollständig unterschiedliche Historien.

options/locale/locale_el-GR.ini

@@ -1226,6 +1226,7 @@ editor.require_signed_commit=Ο κλάδος απαιτεί υπογεγραμμ
 editor.cherry_pick=Ανθολόγηση (cherry-pic) του %s στο:
 editor.revert=Απόσυρση του %s στο:
 
+
 commits.desc=Δείτε το ιστορικό αλλαγών του πηγαίου κώδικα.
 commits.commits=Υποβολές
 commits.no_commits=Δεν υπάρχουν κοινές υποβολές. Τα "%s" και "%s" έχουν εντελώς διαφορετικές ιστορίες.

options/locale/locale_en-US.ini

@@ -1229,7 +1229,7 @@ migrate.migrating_issues = Migrating Issues
 migrate.migrating_pulls = Migrating Pull Requests
 migrate.cancel_migrating_title = Cancel Migration
 migrate.cancel_migrating_confirm = Do you want to cancel this migration?
-migrating_status = Migrating status
+migration_status = Migration status
 
 mirror_from = mirror of
 forked_from = forked from
@@ -3839,6 +3839,7 @@ runs.no_runs = The workflow has no runs yet.
 runs.empty_commit_message = (empty commit message)
 runs.expire_log_message = Logs have been purged because they were too old.
 runs.delete = Delete workflow run
+runs.cancel = Cancel workflow run
 runs.delete.description = Are you sure you want to permanently delete this workflow run? This action cannot be undone.
 runs.not_done = This workflow run is not done.
 runs.view_workflow_file = View workflow file

options/locale/locale_es-ES.ini

@@ -1216,6 +1216,7 @@ editor.require_signed_commit=Esta rama requiere un commit firmado
 editor.cherry_pick=Hacer Cherry-pick %s en:
 editor.revert=Revertir %s en:
 
+
 commits.desc=Ver el historial de cambios de código fuente.
 commits.commits=Commits
 commits.no_commits=No hay commits en común. "%s" y "%s" tienen historias totalmente diferentes.

options/locale/locale_fa-IR.ini

@@ -949,6 +949,7 @@ editor.no_commit_to_branch=نمی‌توان به طور مستقیم درمور
 editor.user_no_push_to_branch=کاربر نمیتواند به شاخه ارسال کند
 editor.require_signed_commit=شاخه یک کامیت امضا شده لازم دارد
 
+
 commits.desc=تاریخچه تغییرات کد منبع را مرور کنید.
 commits.commits=کامیت‌ها
 commits.nothing_to_compare=این شاخه ها برابرند.