diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 63c165bc8b..918a6523ba 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -632,6 +632,11 @@ func JSEscape(raw string) string { return template.JSEscapeString(raw) } +// DotEscape wraps a dots in names with ZWJ [U+200D] in order to prevent autolinkers from detecting these as urls +func DotEscape(raw string) string { + return strings.ReplaceAll(raw, ".", "\u200d.\u200d") +} + // Sha1 returns sha1 sum of string func Sha1(str string) string { return base.EncodeSha1(str) diff --git a/services/mailer/mail.go b/services/mailer/mail.go index 8e04e7e4d2..1e90deb4c4 100644 --- a/services/mailer/mail.go +++ b/services/mailer/mail.go @@ -78,8 +78,9 @@ func sendUserMail(language string, u *user_model.User, tpl base.TplName, code, s "Code": code, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -128,8 +129,9 @@ func SendActivateEmailMail(u *user_model.User, email *user_model.EmailAddress) { "Email": email.Email, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -158,8 +160,9 @@ func SendRegisterNotifyMail(u *user_model.User) { "Username": u.Name, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -191,8 +194,9 @@ func SendCollaboratorMail(u, doer *user_model.User, repo *repo_model.Repository) "Link": repo.HTMLURL(), "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -275,8 +279,9 @@ func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipient "ReviewComments": reviewComments, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var mailSubject bytes.Buffer diff --git a/services/mailer/mail_release.go b/services/mailer/mail_release.go index 76dceb2387..b6bddeac04 100644 --- a/services/mailer/mail_release.go +++ b/services/mailer/mail_release.go @@ -75,8 +75,9 @@ func mailNewRelease(ctx context.Context, lang string, tos []string, rel *models. "Subject": subject, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var mailBody bytes.Buffer diff --git a/services/mailer/mail_repo.go b/services/mailer/mail_repo.go index 24e6d671f4..0abc666f1a 100644 --- a/services/mailer/mail_repo.go +++ b/services/mailer/mail_repo.go @@ -73,8 +73,9 @@ func sendRepoTransferNotifyMailPerLang(lang string, newOwner, doer *user_model.U "Language": locale.Language(), "Destination": destination, // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } if err := bodyTemplates.ExecuteTemplate(&content, string(mailRepoTransferNotify), data); err != nil { diff --git a/templates/mail/auth/activate.tmpl b/templates/mail/auth/activate.tmpl index 31e9a96882..5de3967bc4 100644 --- a/templates/mail/auth/activate.tmpl +++ b/templates/mail/auth/activate.tmpl @@ -2,12 +2,13 @@
-{{.i18n.Tr "mail.activate_account.text_1" .DisplayName AppName | Str2html}}
{{.i18n.Tr "mail.activate_account.text_1" (.DisplayName|DotEscape) AppName | Str2html}}
{{.i18n.Tr "mail.activate_account.text_2" .ActiveCodeLives | Str2html}}
{{.i18n.Tr "mail.link_not_working_do_paste"}}
diff --git a/templates/mail/auth/activate_email.tmpl b/templates/mail/auth/activate_email.tmpl index 8bd037ae4f..5c79798821 100644 --- a/templates/mail/auth/activate_email.tmpl +++ b/templates/mail/auth/activate_email.tmpl @@ -2,12 +2,13 @@ -{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}
{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}
{{.i18n.Tr "mail.activate_email.text" .ActiveCodeLives | Str2html}}
{{.i18n.Tr "mail.link_not_working_do_paste"}}
diff --git a/templates/mail/auth/register_notify.tmpl b/templates/mail/auth/register_notify.tmpl index 45ca95f2c3..a32d8ce992 100644 --- a/templates/mail/auth/register_notify.tmpl +++ b/templates/mail/auth/register_notify.tmpl @@ -2,12 +2,13 @@ -{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}
{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}
{{.i18n.Tr "mail.register_notify.text_1" AppName}}
{{.i18n.Tr "mail.register_notify.text_2" .Username}}
{{.i18n.Tr "mail.register_notify.text_3" ($set_pwd_url | Escape) | Str2html}}
{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}
{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}
{{.i18n.Tr "mail.reset_password.text" .ResetPwdCodeLives | Str2html}}
{{.i18n.Tr "mail.link_not_working_do_paste"}}