From 57cb23ac81dd43148d5e04618e780489216e49bb Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Fri, 17 Feb 2017 08:16:27 -0500
Subject: [PATCH] Security: fix XSS attack on alert

---
 templates/base/alert.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/base/alert.tmpl b/templates/base/alert.tmpl
index 8d05b882..61b99486 100644
--- a/templates/base/alert.tmpl
+++ b/templates/base/alert.tmpl
@@ -1,15 +1,15 @@
 {{if .Flash.ErrorMsg}}
 	<div class="ui negative message">
-		<p>{{.Flash.ErrorMsg | Safe}}</p>
+		<p>{{.Flash.ErrorMsg | Str2html}}</p>
 	</div>
 {{end}}
 {{if .Flash.SuccessMsg}}
 	<div class="ui positive message">
-		<p>{{.Flash.SuccessMsg | Safe}}</p>
+		<p>{{.Flash.SuccessMsg | Str2html}}</p>
 	</div>
 {{end}}
 {{if .Flash.InfoMsg}}
 	<div class="ui info message">
-		<p>{{.Flash.InfoMsg | Safe}}</p>
+		<p>{{.Flash.InfoMsg | Str2html}}</p>
 	</div>
 {{end}}