From b8f70a27a52e6a2c8021485bfc1522eb5071c39f Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sun, 19 Feb 2017 19:18:06 +0800
Subject: [PATCH] Security: fix XSS attack on alert (#973)

---
 templates/base/alert.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/base/alert.tmpl b/templates/base/alert.tmpl
index 8d05b882a7..61b99486e2 100644
--- a/templates/base/alert.tmpl
+++ b/templates/base/alert.tmpl
@@ -1,15 +1,15 @@
 {{if .Flash.ErrorMsg}}
 	<div class="ui negative message">
-		<p>{{.Flash.ErrorMsg | Safe}}</p>
+		<p>{{.Flash.ErrorMsg | Str2html}}</p>
 	</div>
 {{end}}
 {{if .Flash.SuccessMsg}}
 	<div class="ui positive message">
-		<p>{{.Flash.SuccessMsg | Safe}}</p>
+		<p>{{.Flash.SuccessMsg | Str2html}}</p>
 	</div>
 {{end}}
 {{if .Flash.InfoMsg}}
 	<div class="ui info message">
-		<p>{{.Flash.InfoMsg | Safe}}</p>
+		<p>{{.Flash.InfoMsg | Str2html}}</p>
 	</div>
 {{end}}