forgejo/forgejo
forgejo/forgejo
109
3.8k
Fork 659
Code Issues 1.2k Pull requests 160 Releases 95 Packages 1 Activity Actions 24

fix(ui): hardcode sort options in search syntax hint, improve look #11381

Merged
0ko merged 6 commits from 0ko/ui-search-syntax-but-without-allowing-scripts into forgejo 2026-02-23 06:03:25 +01:00 AGit
Conversation 3 Commits 6 Files changed 4 +13 -30
0ko commented 2026-02-20 19:22:01 +01:00
Owner
Copy link

Followup to #9109

Fix issue reported by @mahlzahn that the string was confusing translators and they translated the part that wasn't meant to be translated
https://translate.codeberg.org/translate/forgejo/forgejo-next/en/?checksum=54d85b848166f618#translations
(this link is now broken because the string was replaced and weblate forgot it)

Part of this fix was to replace custom IterWithTr with simple dict iteration to allow for placeholders in strings.

Fix issue where <script>alert('🐸')</script> in locales would have been rendered. Similar to #7740. Locales are considered UGC as there are too many for developers to make sure they're not causing bugs, but in this case they are guarded by linter lint-locale.go. #11381 (comment)

Release notes

  • User Interface bug fixes
    • PR: fix(ui): hardcode sort options in search syntax hint, improve look
Followup to https://codeberg.org/forgejo/forgejo/pulls/9109 Fix issue reported by @mahlzahn that the string was confusing translators and they translated the part that wasn't meant to be translated https://translate.codeberg.org/translate/forgejo/forgejo-next/en/?checksum=54d85b848166f618#translations (this link is now broken because the string was replaced and weblate forgot it) Part of this fix was to replace custom IterWithTr with simple dict iteration to allow for placeholders in strings. ~~Fix issue where `<script>alert('🐸')</script>` in locales would have been rendered. Similar to https://codeberg.org/forgejo/forgejo/pulls/7740. Locales are considered UGC as there are too many for developers to make sure they're not causing bugs, but in this case they are guarded by linter `lint-locale.go`.~~ https://codeberg.org/forgejo/forgejo/pulls/11381#issuecomment-10866701 <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - User Interface bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/11381): <!--number 11381 --><!--line 0 --><!--description Zml4KHVpKTogaGFyZGNvZGUgc29ydCBvcHRpb25zIGluIHNlYXJjaCBzeW50YXggaGludCwgaW1wcm92ZSBsb29r-->fix(ui): hardcode sort options in search syntax hint, improve look<!--description--> <!--end release-notes-assistant--> 
it is for rendering raw trusted text as actual html, which translations are not

in both cases, adding `<script>alert('0ko')</script>` to the locale string causes script to execute, so SafeHTML does nothing here

it may need to be removed because it already caught at least two people thinking that it's safe to use it
to fix the issue where many translators got confused and thought that these were translatable

the key was changed to avoid either mass-updating the string in all locales or mass-breaking them
as i am here, replacing the button with newer equivalent
Some checks failed
testing / semgrep/ci (pull_request) Successful in 16s
Details
testing / frontend-checks (pull_request) Successful in 1m4s
Details
testing / backend-checks (pull_request) Successful in 2m49s
Details
issue-labels / backporting (pull_request_target) Has been skipped
Details
issue-labels / cascade (pull_request_target) Has been skipped
Details
requirements / merge-conditions (pull_request) Successful in 3s
Details
issue-labels / release-notes (pull_request_target) Has been cancelled
Details
testing / test-mysql (pull_request) Has been cancelled
Details
testing / test-unit (pull_request) Has been cancelled
Details
testing / test-pgsql (pull_request) Has been cancelled
Details
testing / test-e2e (pull_request) Has been cancelled
Details
testing / test-sqlite (pull_request) Has been cancelled
Details
testing / test-remote-cacher (redis) (pull_request) Has been cancelled
Details
testing / test-remote-cacher (valkey) (pull_request) Has been cancelled
Details
testing / test-remote-cacher (garnet) (pull_request) Has been cancelled
Details
testing / test-remote-cacher (redict) (pull_request) Has been cancelled
Details
testing / security-check (pull_request) Has been cancelled
Details
85839973c5 
also class icon was not needed as there was no icon in the button
oops i submitted it broken
All checks were successful
testing / semgrep/ci (pull_request) Successful in 14s
Details
testing / frontend-checks (pull_request) Successful in 1m19s
Details
testing / backend-checks (pull_request) Successful in 3m26s
Details
requirements / merge-conditions (pull_request) Successful in 4s
Details
issue-labels / release-notes (pull_request_target) Successful in 29s
Details
testing / test-unit (pull_request) Successful in 7m6s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 2m12s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 2m14s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 2m15s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 2m14s
Details
testing / test-e2e (pull_request) Successful in 20m21s
Details
testing / test-mysql (pull_request) Successful in 22m46s
Details
testing / test-sqlite (pull_request) Successful in 27m48s
Details
testing / test-pgsql (pull_request) Successful in 30m51s
Details
testing / security-check (pull_request) Successful in 53s
Details
9183ffb1da
0ko requested review from snematoda 2026-02-20 19:30:47 +01:00
mahlzahn reviewed 2026-02-20 19:42:43 +01:00
templates/shared/search/issue/syntax.tmpl
@ -19,0 +14,4 @@
"assignee:<username>" (ctx.Locale.TrString "repo.issues.filter_assignee.hint")
"review:<username>" (ctx.Locale.TrString "repo.issues.filter_reviewers.hint")
"mentions:<username>" (ctx.Locale.TrString "repo.issues.filter_mention.hint")
"sort:<by>:[asc|desc]" (ctx.Locale.TrString "repo.issues.filter_sort.hint_with_placeholder" "created/comments/updated/deadline")
mahlzahn commented 2026-02-20 19:42:43 +01:00
Member
Copy link

Maybe put the options in <code> element? And for consistency with pipes instead of slashes?

Maybe put the options in `<code>` element? And for consistency with pipes instead of slashes?
👍 1
0ko commented 2026-02-22 11:20:35 +01:00
Author
Owner
Copy link

Regarding <code>, it is close to impossible to implement it in the current way while retaining the script escaping. For that we would need some new version of TrString that HTMLEscapes the string itself and HTMLFormats placeholder values.

I now understand why we resorted to simply guarding the strings we have in the codebase by linting. It's much simpler and only needs to be time prior to runtime.

The issue with inserting scripts is real, but me trying to guard one string is useless, because every string rendered by Tr is affected in the same way.

So I'll drop that part of this PR.

Regarding `<code>`, it is close to impossible to implement it in the current way while retaining the script escaping. For that we would need some new version of `TrString` that HTMLEscapes the string itself and HTMLFormats placeholder values. I now understand why we resorted to simply guarding the strings we have in the codebase by linting. It's much simpler and only needs to be time prior to runtime. The issue with inserting scripts is real, but me trying to guard one string is useless, because every string rendered by `Tr` is affected in the same way. So I'll drop that part of this PR.
mahlzahn commented 2026-02-22 11:23:05 +01:00
Member
Copy link

OK

OK
0ko commented 2026-02-22 11:25:03 +01:00
Author
Owner
Copy link

I'll wait for someone to re-approve before merging.

~~I'll wait for someone to re-approve before merging.~~
fogti commented 2026-02-22 18:54:31 +01:00
Member
Copy link

Can we create a new issue for the string escaping thing?

Can we create a new issue for the string escaping thing?
snematoda commented 2026-02-22 21:24:54 +01:00
Member
Copy link

@0ko wrote in #11381/files (comment):

Regarding <code>, it is close to impossible to implement it in the current way while retaining the script escaping. For that we would need some new version of TrString that HTMLEscapes the string itself and HTMLFormats placeholder values.

Considering that sort is just one out of nine... wouldn't it be simpler to just add that outside the loop :)

@0ko wrote in https://codeberg.org/forgejo/forgejo/pulls/11381/files#issuecomment-10866701: > Regarding `<code>`, it is close to impossible to implement it in the current way while retaining the script escaping. For that we would need some new version of `TrString` that HTMLEscapes the string itself and HTMLFormats placeholder values. Considering that sort is just one out of nine... wouldn't it be simpler to just add that outside the loop :)
fogti commented 2026-02-22 23:14:13 +01:00
Member
Copy link

One way to do it might be to handle the last case completely outside of the loop (this would also massively cut down on the size of this change).

One can't really handle it "to perfect satisfaction" in the place easily either, e.g. one can't use string parsing on the already substituted translation string because it would assume too much of the sentence structure of arbitrary languages, afaik (e.g. when just appending to the translated string, which would "get around" that problem in a meh way).

One way to do it might be to handle the last case completely outside of the loop (this would also massively cut down on the size of this change). One can't really handle it "to perfect satisfaction" in the place easily either, e.g. one can't use string parsing on the already substituted translation string because it would assume too much of the sentence structure of arbitrary languages, afaik (e.g. when just appending to the translated string, which would "get around" that problem in a meh way).
0ko commented 2026-02-23 05:58:20 +01:00
Author
Owner
Copy link

I don't see this as a significant issue worty solving because

  1. we have 4500 usages of Locale.Tr in templates, we want them to retain ability for basic html formatting (a, bold, italic) while not allowing undesired formatting (img, script, style), and we already have protection in place for that via lint-locale.
  2. while a lot of surface area can be mitigated by using Locale.TrString, currently it's almost never used in templates, and we won't be able to convert all usages of Locale.Tr to Locale.TrString because (1), so it's not even worth trying
  3. if we have to use Locale.Tr, we can't just have some html tags escaped and some preserved, it will have to be a policy similar to what we have applied to markdown in UGC. But bisecting between good and bad formatting in runtime can't be implemented without degrading performance, and it's not needed because of (1)

The mitigations don't have to be implemented as either new Locale funcs or amended Locale funcs, the way of implementation simply doesn't matter, because it can't be done in a nice way because of (3).

I don't see this as a significant issue worty solving because 1. we have 4500 usages of `Locale.Tr` in templates, we want them to retain ability for basic html formatting (a, bold, italic) while not allowing undesired formatting (img, script, style), and we already have protection in place for that via lint-locale. 2. while a lot of surface area can be mitigated by using `Locale.TrString`, currently it's almost never used in templates, and we won't be able to convert all usages of `Locale.Tr` to `Locale.TrString` because (1), so it's not even worth trying 3. if we have to use `Locale.Tr`, we can't just have some html tags escaped and some preserved, it will have to be a policy similar to what we have applied to markdown in UGC. But bisecting between good and bad formatting in runtime can't be implemented without degrading performance, and it's not needed because of (1) The mitigations don't have to be implemented as either new Locale funcs or amended Locale funcs, the way of implementation simply doesn't matter, because it can't be done in a nice way because of (3).
snematoda approved these changes 2026-02-21 13:33:13 +01:00
snematoda left a comment
Member
Copy link

🫣 my bad... thank you for cleaning this up! ...and mahlzahn for reporting this!

🫣 my bad... thank you for cleaning this up! ...and mahlzahn for reporting this!
fogti approved these changes 2026-02-21 13:57:45 +01:00
use pipes, add <code>
All checks were successful
testing / semgrep/ci (pull_request) Successful in 12s
Details
testing / frontend-checks (pull_request) Successful in 59s
Details
testing / backend-checks (pull_request) Successful in 3m12s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 5m38s
Details
testing / test-unit (pull_request) Successful in 6m0s
Details
testing / test-remote-cacher (redict) (pull_request) Successful in 2m9s
Details
testing / test-remote-cacher (garnet) (pull_request) Successful in 2m9s
Details
testing / test-remote-cacher (redis) (pull_request) Successful in 2m10s
Details
testing / test-remote-cacher (valkey) (pull_request) Successful in 2m10s
Details
testing / test-e2e (pull_request) Successful in 18m23s
Details
testing / test-mysql (pull_request) Successful in 20m15s
Details
testing / test-sqlite (pull_request) Successful in 26m19s
Details
testing / test-pgsql (pull_request) Successful in 29m33s
Details
testing / security-check (pull_request) Successful in 58s
Details
milestone / set (pull_request_target) Successful in 5s
Details
requirements / merge-conditions (pull_request) Successful in 2s
Details
issue-labels / backporting (pull_request_target) Successful in 33s
Details
issue-labels / release-notes (pull_request_target) Successful in 23s
Details
62fb5d6275
0ko changed title from fix(ui): hardcode sort options in search syntax hint, fix html to fix(ui): hardcode sort options in search syntax hint, improve look 2026-02-22 11:23:44 +01:00
0ko merged commit f9a22b335e into forgejo 2026-02-23 06:03:25 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Beowulf
Gusted
snematoda
fogti
Labels
Clear labels   
arch
riscv64

Archived

  
backport/v1.19

Scheduled for backport to Forgejo v1.19

Archived

  
backport/v1.20

Scheduled for backport to Forgejo v1.20

Archived

  
backport/v1.21/forgejo

Scheduled for backport to Forgejo v1.21

Archived

  
backport/v10.0/forgejo

Automated backport to v10.0

Archived

  
backport/v11.0/forgejo

Automated backport to v11.0

  
backport/v12.0/forgejo

Automated backport to v12.0

Archived

  
backport/v13.0/forgejo

Automated backport to v13.0

Archived

  
backport/v14.0/forgejo

Automated backport to v14.0

  
backport/v7.0/forgejo

Scheduled for backport to Forgejo v7.0

Archived

  
backport/v8.0/forgejo

Scheduled for backport to Forgejo v8.0

Archived

  
backport/v9.0/forgejo

Scheduled for backport to Forgejo v9.0

Archived

  
breaking

The release containing this change is not backward compatible

  
bug

Something is not working

Archived

  
bug
confirmed
it can be reproduced

  
bug
duplicate
bug has already been reported in the Forgejo tracker

  
bug
needs-more-info
the information provided does not contain enough details

  
bug
new-report
bug has just been reported and need triage (default label on issue creation)

  
bug
reported-upstream
bug cannot be fixed within Forgejo easily, it has been reported upstream

  
code/actions

Forgejo Actions feature

  
code/api

API

  
code/auth

Forgejo Authentication

  
code/auth/faidp

Forgejo as Identity Provider (in OAuth/OIDC flow)

  
code/auth/farp

Forgejo as Relying Party / Client (in OAuth/OIDC flow)

  
code/email

Everything related to email in Forgejo

  
code/federation

Federation

  
code/git

Related to the Git backend in Forgejo

  
code/migrations

Migration between Git forges (i.e. for GitHub, GitLab, Gitea, Forgejo, etc.). NOT for database migrations.

  
code/packages

Forgejo package and container registry

  
code/wiki
  
database
MySQL
https://www.mysql.com/

  
database
PostgreSQL
https://www.postgresql.org/

  
database
SQLite
https://sqlite.org/

  
dependency-upgrade

https://codeberg.org/forgejo/forgejo/issues/2779

  
dependency
certmagic
github.com/caddyserver/certmagic

Archived

  
dependency
chart.js
https://github.com/chartjs/Chart.js

Archived

  
dependency
Chi
https://github.com/go-chi/chi/

Archived

  
dependency
Chroma
https://github.com/alecthomas/chroma/

Archived

  
dependency
citation.js
https://github.com/larsgw/citation.js/

Archived

  
dependency
codespell
https://github.com/codespell-project/codespell

Archived

  
dependency
css-loader
https://github.com/webpack-contrib/css-loader

Archived

  
dependency
devcontainers
https://github.com/devcontainers/cli

Archived

  
dependency
dropzone
https://github.com/dropzone/dropzone

Archived

  
dependency
editorconfig-checker
https://github.com/editorconfig-checker/editorconfig-checker

Archived

  
dependency
elasticsearch
https://www.elastic.co/elasticsearch

Archived

  
dependency
enmime
https://github.com/jhillyerd/enmime

Archived

  
dependency
F3
https://f3.forgefriends.org/

  
dependency
ForgeFed
https://forgefed.org

  
dependency
garage
https://git.deuxfleurs.fr/Deuxfleurs/garage

  
dependency
Git
https://git-scm.com/

Archived

  
dependency
git-backporting
https://github.com/kiegroup/git-backporting

Archived

  
dependency
Gitea
https://github.com/go-gitea/gitea

  
dependency
gitignore
https://github.com/github/gitignore

Archived

  
dependency
go-ap
https://github.com/go-ap/activitypub

Archived

  
dependency
go-enry
https://github.com/go-enry/go-enry

Archived

  
dependency
go-gitlab
https://github.com/xanzy/go-gitlab

Archived

  
dependency
Go-org
https://github.com/niklasfasching/go-org

Archived

  
dependency
go-rpmutils
https://github.com/sassoftware/go-rpmutils

Archived

  
dependency
go-sql-driver mysql
https://github.com/go-sql-driver/mysql/

Archived

  
dependency
go-swagger
github.com/go-swagger/go-swagger

Archived

  
dependency
go-version
https://github.com/hashicorp/go-version

Archived

  
dependency
go-webauthn
https://github.com/go-webauthn/webauthn

Archived

  
dependency
gocron
https://github.com/go-co-op/gocron

Archived

  
dependency
Golang
https://go.dev/

  
dependency
goldmark
https://github.com/yuin/goldmark

Archived

  
dependency
goquery
github.com/PuerkitoBio/goquery

Archived

  
dependency
Goth
https://github.com/markbates/goth/

Archived

  
dependency
grpc-go
https://github.com/grpc/grpc-go

Archived

  
dependency
happy-dom
https://github.com/capricorn86/happy-dom

Archived

  
dependency
Helm
https://helm.sh/

Archived

  
dependency
image-spec
https://github.com/opencontainers/image-spec

Archived

  
dependency
jsonschema
https://github.com/santhosh-tekuri/jsonschema

Archived

  
dependency
KaTeX
https://github.com/KaTeX/KaTeX

Archived

  
dependency
lint
All linting tools and libraries

Archived

  
dependency
MariaDB
https://mariadb.com/

Archived

  
dependency
Mermaid
https://github.com/mermaid-js/mermaid/

Archived

  
dependency
minio-go
https://github.com/minio/minio-go/

Archived

  
dependency
misspell
github.com/golangci/misspell/cmd/misspell

Archived

  
dependency
Monaco
https://github.com/microsoft/monaco-editor

Archived

  
dependency
PDFobject
https://pdfobject.com/

Archived

  
dependency
playwright
https://playwright.dev/

Archived

  
dependency
postcss
https://github.com/postcss/postcss

Archived

  
dependency
postcss-plugins
https://github.com/csstools/postcss-plugins

Archived

  
dependency
pprof
https://github.com/google/pprof

Archived

  
dependency
prometheus client_golang
https://github.com/prometheus/client_golang

Archived

  
dependency
protobuf
https://google.golang.org/protobuf

Archived

  
dependency
relative-time-element
https://github.com/github/relative-time-element

Archived

  
dependency
renovate
https://github.com/renovatebot/renovate

Archived

  
dependency
reply
https://code.forgejo.org/forgejo/reply

Archived

  
dependency
ssh
https://github.com/gliderlabs/ssh

Archived

  
dependency
swagger-ui
https://github.com/swagger-api/swagger-ui

Archived

  
dependency
tailwind
https://tailwindcss.com/

Archived

  
dependency
temporal-polyfill
https://github.com/fullcalendar/temporal-polyfill

Archived

  
dependency
terminal-to-html
github.com/buildkite/terminal-to-html

Archived

  
dependency
tests-only
Undifferentiated dependencies used for testing only

Archived

  
dependency
text-expander-element
https://github.com/github/text-expander-element

Archived

  
dependency
urfave
https://github.com/urfave/cli

Archived

  
dependency
vfsgen
https://github.com/lunny/vfsgen

Archived

  
dependency
vite
https://vitejs.dev/

Archived

  
dependency
Woodpecker CI
https://woodpecker-ci.org/

Archived

  
dependency
x tools
https://golang.org/x/tools

Archived

  
dependency
XORM
https://gitea.com/xorm/xorm

Archived

  
Discussion

   
duplicate

This issue or pull request already exists

  
enhancement/feature

New feature

  
forgejo/accessibility

Accessibility (a11y)

  
forgejo/branding

Branding (logo, name, tagline etc.)

  
forgejo/ci

Forgejo Actions CI configuration

  
forgejo/commit-graph

The commit graph feature and page.

  
forgejo/documentation

   
forgejo/furnace cleanup

Keeping Forgejo in sync with its dependencies and contributing back to them

Archived

  
forgejo/i18n

t9n/translation, l10n/localization, and i18n/internationalization of Forgejo

  
forgejo/interop

Interoperability with other services: Webhooks, bridges, integrations

  
forgejo/moderation

Moderation

  
forgejo/privacy

Privacy first

  
forgejo/release

Release management

  
forgejo/scaling

Performance and scaling

  
forgejo/security

Security (please disclose responsibly)

  
forgejo/ui

User interface

  
Gain
High
User research provides indicators that this would be good to have, interested contributors are encouraged to pick this.

  
Gain
Nice to have
This is likely worth having, but the assumption is not backed by user research data (it might benefit a small amount of users only.) Unlikely to receive much attention, but feel free to pick.

  
Gain
Undefined
Not enough information to assess the request's benefits. This issue may be closed if no gain is established: You can help by giving us more input.

  
Gain
Very High
User research indicates that this is an important improvement for Forgejo users. Contributions very welcome!

  
good first issue

Optimal for first-timers! Make sure to look for further explanations and ask for help if needed. If you want, you can consider the person who added this label as a point of contact.

  
i18n/backport-stable

This PR needs to be backported to stable branch of Forgejo safely and manually, using a migration script.

  
impact
large
Large impact: Potential data loss, many users affected, major degradation in UX.

  
impact
medium
Medium impact: Several users affected, degradation in UX, workarounds might be available but inconvenient.

  
impact
small
Small impact: No data loss, workarounds might be available, affects few users.

  
impact
unknown
Report was not yet triaged to assess impact.

  
Incompatible license

This pull request contains changes that are not (yet) compatible with the current Forgejo license

  
issue
closed
The issue was resolved in the repository of the dependency

  
issue
do-not-exist-yet
An issue should be created in the respository of the dependency

  
issue
open
An open issue exists in the upstream repository of the dependency

  
manual test

Pull requests that have been merged with a manual test

Archived

  
Manually tested during feature freeze

The manual test instructions were followed

  
OS
FreeBSD
Specific to the FreeBSD Operating System

  
OS
Linux
Specific to (GNU/)Linux Operating Systems

  
OS
macOS
Specific to the MacOS Operating System

  
OS
Windows
Specific to the Windows Operating System

  
problem

A user report about a problem. Needs to be triaged to find potential solutions.

  
QA

   
regression

found in the version of the milestone and not before

  
release blocker

Issues that must be fixed before the release can be published

  
Release Cycle
Feature Freeze
Only bug fixes with automated tests (except for CSS/JavaScript)

  
release-blocker
v7.0
Issues that must be fixed before Forgejo v7.0 can be released 17 April 2024

Archived

  
release-blocker
v7.0.1
Issues that must be fixed before Forgejo v7.0.1 can be released

Archived

  
release-blocker
v7.0.2
Issues that must be fixed before Forgejo v7.0.2 can be released

Archived

  
release-blocker
v7.0.3
Issues that must be fixed before Forgejo v7.0.3 can be released

Archived

  
release-blocker
v7.0.4
Issues that must be fixed before Forgejo v7.0.4 can be released

Archived

  
release-blocker
v8.0.0
Issues that must be fixed before Forgejo v8.0.0 can be released

Archived

  
release-blocker/v9.0.0

Issues that must be fixed before Forgejo v9.0.0 can be released

Archived

  
run-all-playwright-tests

Add this label to a PR to run all playwright tests manually.

  
run-end-to-end-tests

Trigger additional tests on the PR when it is ready to be merged

  
test
manual
manual testing has been documented

  
test
needed
test should be added

  
test
needs-help
help needed to add a test

  
test
not-needed
no additional test is needed

  
test
present
test has been added

  
untested

Pull requests that have been merged with no test and submitted as is to the dependency where they belong

Archived

  
User research - time-tracker

Time tracking feature for issues and the JS stopwatch.

  
valuable code

This PR was closed because the implementation is incomplete

  
worth a release-note

Add this PR to the release notes

  
User research - Accessibility

Requires input about accessibility features, likely involves user testing.

  
User research - Blocked

Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.

  
User research - Community

Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.

  
User research - Config (instance)

Instance-wide configuration, authentication and other admin-only needs.

  
User research - Errors

How to deal with errors in the application and write helpful error messages.

  
User research - Filters

How filter and search is being worked with.

  
User research - Future backlog

The issue might be inspiring for future design work.

  
User research - Git workflow

AGit, fork-based and new Git workflow, PR creation etc

  
User research - Labels

Active research about Labels

  
User research - Moderation

Moderation Featuers for Admins are undergoing active User Research

  
User research - Needs input

Use this label to let the User Research team know their input is requested.

  
User research - Notifications/Dashboard

Research on how users should know what to do next.

  
User research - Rendering

Text rendering, markup languages etc

  
User research - Repo creation

Active research about the New Repo dialog.

  
User research - Repo units

The repo sections, disabling them and the "Add more" button.

  
User research - Security

   
User research - Settings (in-app)

How to structure in-app settings in the future?

No labels
arch
riscv64
backport/v1.19
backport/v1.20
backport/v1.21/forgejo
backport/v10.0/forgejo
backport/v11.0/forgejo
backport/v12.0/forgejo
backport/v13.0/forgejo
backport/v14.0/forgejo
backport/v7.0/forgejo
backport/v8.0/forgejo
backport/v9.0/forgejo
breaking
bug
bug
confirmed
bug
duplicate
bug
needs-more-info
bug
new-report
bug
reported-upstream
code/actions
code/api
code/auth
code/auth/faidp
code/auth/farp
code/email
code/federation
code/git
code/migrations
code/packages
code/wiki
database
MySQL
database
PostgreSQL
database
SQLite
dependency-upgrade
dependency
certmagic
dependency
chart.js
dependency
Chi
dependency
Chroma
dependency
citation.js
dependency
codespell
dependency
css-loader
dependency
devcontainers
dependency
dropzone
dependency
editorconfig-checker
dependency
elasticsearch
dependency
enmime
dependency
F3
dependency
ForgeFed
dependency
garage
dependency
Git
dependency
git-backporting
dependency
Gitea
dependency
gitignore
dependency
go-ap
dependency
go-enry
dependency
go-gitlab
dependency
Go-org
dependency
go-rpmutils
dependency
go-sql-driver mysql
dependency
go-swagger
dependency
go-version
dependency
go-webauthn
dependency
gocron
dependency
Golang
dependency
goldmark
dependency
goquery
dependency
Goth
dependency
grpc-go
dependency
happy-dom
dependency
Helm
dependency
image-spec
dependency
jsonschema
dependency
KaTeX
dependency
lint
dependency
MariaDB
dependency
Mermaid
dependency
minio-go
dependency
misspell
dependency
Monaco
dependency
PDFobject
dependency
playwright
dependency
postcss
dependency
postcss-plugins
dependency
pprof
dependency
prometheus client_golang
dependency
protobuf
dependency
relative-time-element
dependency
renovate
dependency
reply
dependency
ssh
dependency
swagger-ui
dependency
tailwind
dependency
temporal-polyfill
dependency
terminal-to-html
dependency
tests-only
dependency
text-expander-element
dependency
urfave
dependency
vfsgen
dependency
vite
dependency
Woodpecker CI
dependency
x tools
dependency
XORM
Discussion
duplicate
enhancement/feature
forgejo/accessibility
forgejo/branding
forgejo/ci
forgejo/commit-graph
forgejo/documentation
forgejo/furnace cleanup
forgejo/i18n
forgejo/interop
forgejo/moderation
forgejo/privacy
forgejo/release
forgejo/scaling
forgejo/security
forgejo/ui
Gain
High
Gain
Nice to have
Gain
Undefined
Gain
Very High
good first issue
i18n/backport-stable
impact
large
impact
medium
impact
small
impact
unknown
Incompatible license
issue
closed
issue
do-not-exist-yet
issue
open
manual test
Manually tested during feature freeze
OS
FreeBSD
OS
Linux
OS
macOS
OS
Windows
problem
QA
regression
release blocker
Release Cycle
Feature Freeze
release-blocker
v7.0
release-blocker
v7.0.1
release-blocker
v7.0.2
release-blocker
v7.0.3
release-blocker
v7.0.4
release-blocker
v8.0.0
release-blocker/v9.0.0
run-all-playwright-tests
run-end-to-end-tests
test
manual
test
needed
test
needs-help
test
not-needed
test
present
untested
User research - time-tracker
valuable code
worth a release-note
User research - Accessibility
User research - Blocked
User research - Community
User research - Config (instance)
User research - Errors
User research - Filters
User research - Future backlog
User research - Git workflow
User research - Labels
User research - Moderation
User research - Needs input
User research - Notifications/Dashboard
User research - Rendering
User research - Repo creation
User research - Repo units
User research - Security
User research - Settings (in-app)
Milestone
Clear milestone
No items
No milestone
Forgejo v15.0.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/forgejo!11381
No description provided.