chore: rename SafeHTML to TrustHTML (#11481)

Naming is less confusing this way, might not give the impression this will sanitize HTML to safe HTML. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11481 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de> Co-committed-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
2026-05-13 06:20:24 +00:00 · 2026-03-08 02:41:37 +01:00 · 2026-03-08 02:41:37 +01:00 · c357be8b52
commit c357be8b52
parent 4b7eb821ff
15 changed files with 25 additions and 25 deletions
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@ -54,7 +54,7 @@ func NewFuncMap() template.FuncMap {
 		// html/template related functions
 		"dict":         dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names.
 		"Eval":         Eval,
-		"SafeHTML":     SafeHTML,
+		"TrustHTML":    TrustHTML,
 		"HTMLFormat":   HTMLFormat,
 		"HTMLEscape":   HTMLEscape,
 		"QueryEscape":  QueryEscape,
@ -240,8 +240,8 @@ func HTMLFormat(s string, rawArgs ...any) template.HTML {
 	return template.HTML(fmt.Sprintf(s, args...))
 }

-// SafeHTML render raw as HTML
-func SafeHTML(s any) template.HTML {
+// TrustHTML render raw as HTML
+func TrustHTML(s any) template.HTML {
 	switch v := s.(type) {
 	case string:
 		return template.HTML(v)
--- a/templates/admin/packages/list.tmpl
+++ b/templates/admin/packages/list.tmpl
@ -89,7 +89,7 @@
 		{{ctx.Locale.Tr "packages.settings.delete"}}
 	</div>
 	<div class="content">
-		{{ctx.Locale.Tr "packages.settings.delete.notice" (`<span class="name"></span>`|SafeHTML) (`<span class="dataVersion"></span>`|SafeHTML)}}
+		{{ctx.Locale.Tr "packages.settings.delete.notice" (`<span class="name"></span>`|TrustHTML) (`<span class="dataVersion"></span>`|TrustHTML)}}
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
--- a/templates/admin/repo/list.tmpl
+++ b/templates/admin/repo/list.tmpl
@ -103,7 +103,7 @@
 	</div>
 	<div class="content">
 		<p>{{ctx.Locale.Tr "repo.settings.delete_desc"}}</p>
-		{{ctx.Locale.Tr "repo.settings.delete_notices_2" (`<span class="name"></span>`|SafeHTML)}}<br>
+		{{ctx.Locale.Tr "repo.settings.delete_notices_2" (`<span class="name"></span>`|TrustHTML)}}<br>
 		{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}<br>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
--- a/templates/admin/stacktrace.tmpl
+++ b/templates/admin/stacktrace.tmpl
@ -40,7 +40,7 @@
 		{{ctx.Locale.Tr "admin.monitor.process.cancel"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" (`<span class="name"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" (`<span class="name"></span>`|TrustHTML)}}</p>
 		<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_desc"}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
--- a/templates/org/member/members.tmpl
+++ b/templates/org/member/members.tmpl
@ -74,7 +74,7 @@
 		{{ctx.Locale.Tr "org.members.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
@ -83,7 +83,7 @@
 		{{ctx.Locale.Tr "org.members.remove"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|SafeHTML) (`<span class="dataOrganizationName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|TrustHTML) (`<span class="dataOrganizationName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
--- a/templates/org/team/members.tmpl
+++ b/templates/org/team/members.tmpl
@ -79,7 +79,7 @@
 		{{ctx.Locale.Tr "org.members.remove"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|SafeHTML) (`<span class="dataTeamName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|TrustHTML) (`<span class="dataTeamName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
--- a/templates/org/team/sidebar.tmpl
+++ b/templates/org/team/sidebar.tmpl
@ -84,7 +84,7 @@
 		{{ctx.Locale.Tr "org.teams.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
--- a/templates/org/team/teams.tmpl
+++ b/templates/org/team/teams.tmpl
@ -48,7 +48,7 @@
 		{{ctx.Locale.Tr "org.teams.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
--- a/templates/repo/pulse.tmpl
+++ b/templates/repo/pulse.tmpl
@ -35,7 +35,7 @@
 				<a class="table-cell tiny tw-bg-grey"></a>
 			</div>
 			{{end}}
-			{{ctx.Locale.TrPluralString .Activity.ActivePRCount "pulse.n_active_prs" (printf "<strong>%d</strong>" .Activity.ActivePRCount | SafeHTML)}}
+			{{ctx.Locale.TrPluralString .Activity.ActivePRCount "pulse.n_active_prs" (printf "<strong>%d</strong>" .Activity.ActivePRCount | TrustHTML)}}
 		</div>
 	{{end}}
 	{{if .Permission.CanRead $.UnitTypeIssues}}
@ -52,7 +52,7 @@
 				<a class="table-cell tiny tw-bg-grey"></a>
 			</div>
 			{{end}}
-			{{ctx.Locale.TrPluralString .Activity.ActiveIssueCount "pulse.n_active_issues" (printf "<strong>%d</strong>" .Activity.ActiveIssueCount | SafeHTML)}}
+			{{ctx.Locale.TrPluralString .Activity.ActiveIssueCount "pulse.n_active_issues" (printf "<strong>%d</strong>" .Activity.ActiveIssueCount | TrustHTML)}}
 		</div>
 	{{end}}
 </div>
--- a/templates/repo/settings/lfs_file.tmpl
+++ b/templates/repo/settings/lfs_file.tmpl
@ -15,9 +15,9 @@
 				{{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}}
 				<div class="file-view{{if .IsMarkup}} markup {{.MarkupType}}{{else if .IsPlainText}} plain-text{{else if .IsTextFile}} code-view{{end}}">
 					{{if .IsMarkup}}
-						{{if .FileContent}}{{.FileContent | SafeHTML}}{{end}}
+						{{if .FileContent}}{{.FileContent | TrustHTML}}{{end}}
 					{{else if .IsPlainText}}
-						<pre>{{if .FileContent}}{{.FileContent | SafeHTML}}{{end}}</pre>
+						<pre>{{if .FileContent}}{{.FileContent | TrustHTML}}{{end}}</pre>
 					{{else if not .IsTextFile}}
 						<div class="view-raw">
 							{{if .IsImageFile}}
--- a/templates/repo/sub_menu.tmpl
+++ b/templates/repo/sub_menu.tmpl
@ -3,14 +3,14 @@
 	<div class="ui segment repository-menu">
 		{{if and (.Permission.CanRead $.UnitTypeCode) (not .IsEmptyRepo)}}
 			<a class="item muted {{if .PageIsCommits}}active{{end}}" href="{{.RepoLink}}/commits/{{.BranchNameSubURL}}">
-				{{svg "octicon-history"}} {{ctx.Locale.TrN .CommitsCount "repo.n_commit_one" "repo.n_commit_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .CommitsCount) | SafeHTML)}}
+				{{svg "octicon-history"}} {{ctx.Locale.TrN .CommitsCount "repo.n_commit_one" "repo.n_commit_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .CommitsCount) | TrustHTML)}}
 			</a>
 			<a class="item muted {{if .PageIsBranches}}active{{end}}" href="{{.RepoLink}}/branches">
-				{{svg "octicon-git-branch"}} {{ctx.Locale.TrN .BranchesCount "repo.n_branch_one" "repo.n_branch_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .BranchesCount) | SafeHTML)}}
+				{{svg "octicon-git-branch"}} {{ctx.Locale.TrN .BranchesCount "repo.n_branch_one" "repo.n_branch_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .BranchesCount) | TrustHTML)}}
 			</a>
 			{{if $.Permission.CanRead $.UnitTypeCode}}
 				<a class="item muted {{if .PageIsTagList}}active{{end}}" href="{{.RepoLink}}/tags">
-					{{svg "octicon-tag"}} {{ctx.Locale.TrN .NumTags "repo.n_tag_one" "repo.n_tag_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .NumTags) | SafeHTML)}}
+					{{svg "octicon-tag"}} {{ctx.Locale.TrN .NumTags "repo.n_tag_one" "repo.n_tag_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .NumTags) | TrustHTML)}}
 				</a>
 			{{end}}
 			<span class="item" {{if not (eq .Repository.Size 0)}}data-tooltip-content="{{.Repository.SizeDetailsString ctx.Locale}}"{{end}}>
--- a/templates/repo/wiki/view.tmpl
+++ b/templates/repo/wiki/view.tmpl
@ -76,13 +76,13 @@
 		<div class="wiki-content-parts">
 			{{if .sidebarTocContent}}
 			<div class="markup wiki-content-sidebar wiki-content-toc">
-				{{.sidebarTocContent | SafeHTML}}
+				{{.sidebarTocContent | TrustHTML}}
 			</div>
 			{{end}}

 			<div class="file-view markup wiki-content-main {{if or .sidebarTocContent .sidebarPresent}}with-sidebar{{end}}">
 				{{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}}
-				{{.content | SafeHTML}}
+				{{.content | TrustHTML}}
 			</div>

 			{{if .sidebarPresent}}
@ -91,7 +91,7 @@
 				{{if and .CanWriteWiki (not .Repository.IsMirror)}}
 					<a class="tw-float-right muted" href="{{.RepoLink}}/wiki/_Sidebar?action=_edit" aria-label="{{ctx.Locale.Tr "repo.wiki.edit_page_button"}}">{{svg "octicon-pencil"}}</a>
 				{{end}}
-				{{.sidebarContent | SafeHTML}}
+				{{.sidebarContent | TrustHTML}}
 			</div>
 			{{end}}

@ -103,7 +103,7 @@
 				{{if and .CanWriteWiki (not .Repository.IsMirror)}}
 					<a class="tw-float-right muted" href="{{.RepoLink}}/wiki/_Footer?action=_edit" aria-label="{{ctx.Locale.Tr "repo.wiki.edit_page_button"}}">{{svg "octicon-pencil"}}</a>
 				{{end}}
-				{{.footerContent | SafeHTML}}
+				{{.footerContent | TrustHTML}}
 			</div>
 			{{end}}
 		</div>
--- a/templates/user/settings/organization.tmpl
+++ b/templates/user/settings/organization.tmpl
@ -46,7 +46,7 @@
 		{{ctx.Locale.Tr "org.members.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
--- a/templates/webhook/new/matrix.tmpl
+++ b/templates/webhook/new/matrix.tmpl
@ -13,7 +13,7 @@
 	<div class="required field {{if .Err_Room}}error{{end}}">
 		<label for="room_id">{{ctx.Locale.Tr "repo.settings.matrix.room_id"}}</label>
 		<input id="room_id" name="room_id" type="text" value="{{.HookMetadata.Room}}" placeholder="!opaque_id" pattern="!.+" maxlength="255" required>
-		<span class="help">{{ctx.Locale.Tr "repo.settings.matrix.room_id_helper" ("<code>!opaque_id:example.org</code>"|SafeHTML)}}</span>
+		<span class="help">{{ctx.Locale.Tr "repo.settings.matrix.room_id_helper" ("<code>!opaque_id:example.org</code>"|TrustHTML)}}</span>
 	</div>
 	<div class="field">
 		<label>{{ctx.Locale.Tr "repo.settings.matrix.message_type"}}</label>
--- a/templates/webhook/shared-settings.tmpl
+++ b/templates/webhook/shared-settings.tmpl
@ -192,7 +192,7 @@
 	<div class="field {{if .Err_AuthorizationHeader}}error{{end}}">
 		<label for="authorization_header">{{ctx.Locale.Tr "repo.settings.authorization_header"}}</label>
 		<input id="authorization_header" name="authorization_header" type="text" value="{{.Webhook.HeaderAuthorization}}">
-		<span class="help">{{ctx.Locale.Tr "repo.settings.authorization_header_desc" ("<code>Bearer token123456</code>, <code>Basic YWxhZGRpbjpvcGVuc2VzYW1l</code>" | SafeHTML)}}</span>
+		<span class="help">{{ctx.Locale.Tr "repo.settings.authorization_header_desc" ("<code>Bearer token123456</code>, <code>Basic YWxhZGRpbjpvcGVuc2VzYW1l</code>" | TrustHTML)}}</span>
 	</div>
 {{end}}