diff --git a/docs/content/administration/mail-templates.en-us.md b/docs/content/administration/mail-templates.en-us.md
index 0154fe55d..4026b8997 100644
--- a/docs/content/administration/mail-templates.en-us.md
+++ b/docs/content/administration/mail-templates.en-us.md
@@ -224,7 +224,7 @@ Please check [Gitea's logs](administration/logging-config.md) for error messages
{{if not (eq .Body "")}}
<h3>Message content</h3>
<hr>
- {{.Body | SanitizeHTML}}
+ {{.Body}}
{{end}}
</p>
<hr>
diff --git a/docs/content/administration/mail-templates.zh-cn.md b/docs/content/administration/mail-templates.zh-cn.md
index e8c281733..3c7c2a939 100644
--- a/docs/content/administration/mail-templates.zh-cn.md
+++ b/docs/content/administration/mail-templates.zh-cn.md
@@ -207,7 +207,7 @@ _主题_ 和 _邮件正文_ 由 [Golang的模板引擎](https://go.dev/pkg/text/
{{if not (eq .Body "")}}
<h3>消息内容:</h3>
<hr>
- {{.Body | SanitizeHTML}}
+ {{.Body}}
{{end}}
</p>
<hr>
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 9afcb96fc..7ef051cc0 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -211,14 +211,8 @@ func SafeHTML(s any) template.HTML {
}
// SanitizeHTML sanitizes the input by pre-defined markdown rules
-func SanitizeHTML(s any) template.HTML {
- switch v := s.(type) {
- case string:
- return template.HTML(markup.Sanitize(v))
- case template.HTML:
- return template.HTML(markup.Sanitize(string(v)))
- }
- panic(fmt.Sprintf("unexpected type %T", s))
+func SanitizeHTML(s string) template.HTML {
+ return template.HTML(markup.Sanitize(s))
}
func HTMLEscape(s any) template.HTML {
diff --git a/modules/templates/helper_test.go b/modules/templates/helper_test.go
index 3365278ac..64f29d033 100644
--- a/modules/templates/helper_test.go
+++ b/modules/templates/helper_test.go
@@ -64,5 +64,4 @@ func TestHTMLFormat(t *testing.T) {
func TestSanitizeHTML(t *testing.T) {
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
- assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(template.HTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`)))
}
diff --git a/templates/mail/issue/default.tmpl b/templates/mail/issue/default.tmpl
index 796dc403b..95a1555e8 100644
--- a/templates/mail/issue/default.tmpl
+++ b/templates/mail/issue/default.tmpl
@@ -58,7 +58,7 @@
{{.locale.Tr "mail.issue.action.new" .Doer.Name .Issue.Index}}
{{end}}
{{else}}
- {{.Body | SanitizeHTML}}
+ {{.Body}}
{{end -}}
{{- range .ReviewComments}}
<hr>
diff --git a/templates/repo/settings/webhook/base_list.tmpl b/templates/repo/settings/webhook/base_list.tmpl
index 00f9a48ba..e56929b70 100644
--- a/templates/repo/settings/webhook/base_list.tmpl
+++ b/templates/repo/settings/webhook/base_list.tmpl
@@ -10,7 +10,7 @@
<div class="ui attached segment">
<div class="ui list">
<div class="item">
- {{.Description | SanitizeHTML}}
+ {{.Description}}
</div>
{{range .Webhooks}}
<div class="item truncated-item-container">
diff --git a/templates/status/500.tmpl b/templates/status/500.tmpl
index d88078b4b..fb159ea36 100644
--- a/templates/status/500.tmpl
+++ b/templates/status/500.tmpl
@@ -1,5 +1,5 @@
{{/* This page should only depend the minimal template functions/variables, to avoid triggering new panics.
-* base template functions: AppName, AssetUrlPrefix, AssetVersion, AppSubUrl, ThemeName, SanitizeHTML
+* base template functions: AppName, AssetUrlPrefix, AssetVersion, AppSubUrl, ThemeName
* ctx.Locale
* .Flash
* .ErrorMsg