Commit 37993d39 authored Dec 24, 2015 by Douwe Maan
Escape all the things.
parent e3befaed
Showing 5 changed files with 20 additions and 17 deletions
lib/banzai/filter/abstract_reference_filter.rb +13 -10
lib/banzai/filter/external_issue_reference_filter.rb +3 -3
lib/banzai/filter/label_reference_filter.rb +1 -1
lib/banzai/filter/reference_filter.rb +2 -2
lib/banzai/filter/user_reference_filter.rb +1 -1
lib/banzai/filter/abstract_reference_filter.rb
...
...
@@ -98,7 +98,7 @@ module Banzai
project
=
project_from_ref
(
project_ref
)
if
project
&&
object
=
find_object
(
project
,
id
)
title
=
escape_once
(
object_link_title
(
object
)
)
title
=
object_link_title
(
object
)
klass
=
reference_class
(
object_sym
)
data
=
data_attribute
(
...
...
@@ -110,17 +110,11 @@ module Banzai
url
=
matches
[
:url
]
if
matches
.
names
.
include?
(
"url"
)
url
||=
url_for_object
(
object
,
project
)
text
=
link_text
unless
text
text
=
object
.
reference_link_text
(
context
[
:project
])
extras
=
object_link_text_extras
(
object
,
matches
)
text
+=
" (
#{
extras
.
join
(
", "
)
}
)"
if
extras
.
any?
end
text
=
link_text
||
object_link_text
(
object
,
matches
)
%(<a href="#{url}" #{data}
title="#{
title
}"
class="#{klass}">#{
text
}</a>)
title="#{
escape_once(title)
}"
class="#{klass}">#{
escape_once(text)
}</a>)
else
match
end
...
...
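Review bot: `url` is still interpolated raw into `href="#{url}"` in the link template of this hunk, and the first context line shows it can be taken from `matches[:url]`, that is, from the matched document text. Since title and text are now escaped at the point of output, give url the same treatment (`href="#{escape_once(url)}"`) or add a comment saying why that value is already safe for an attribute. `klass` and `data` come from `reference_class` and `data_attribute`, so they are a lesser concern.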
@@ -140,6 +134,15 @@ module Banzai
def
object_link_title
(
object
)
"
#{
object_class
.
name
.
titleize
}
:
#{
object
.
title
}
"
end
def
object_link_text
(
object
,
matches
)
text
=
object
.
reference_link_text
(
context
[
:project
])
extras
=
object_link_text_extras
(
object
,
matches
)
text
+=
" (
#{
extras
.
join
(
", "
)
}
)"
if
extras
.
any?
text
end
end
end
end
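Review bot: the new `object_link_text` has no comment saying that it returns unescaped text and that the caller is responsible for passing the result through `escape_once`. It concatenates `object.reference_link_text(...)` with whatever `object_link_text_extras` returns, so a subclass overriding either one, or a new caller of this method, has no hint that the value must not be put into markup directly. A one-line comment above the `def`, in the style of the "Returns a String" comment used in reference_filter.rb, would cover it.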
lib/banzai/filter/external_issue_reference_filter.rb
...
...
@@ -63,15 +63,15 @@ module Banzai
url
=
url_for_issue
(
id
,
project
,
only_path:
context
[
:only_path
])
title
=
escape_once
(
"Issue in
#{
project
.
external_issue_tracker
.
title
}
"
)
title
=
"Issue in
#{
project
.
external_issue_tracker
.
title
}
"
klass
=
reference_class
(
:issue
)
data
=
data_attribute
(
project:
project
.
id
,
external_issue:
id
)
text
=
link_text
||
match
%(<a href="#{url}" #{data}
title="#{
title
}"
class="#{klass}">#{
text
}</a>)
title="#{
escape_once(title)
}"
class="#{klass}">#{
escape_once(text)
}</a>)
end
end
...
...
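Review bot: no spec covers the newly escaped `title` and `text` in this template, and all five files in the commit are under lib/. Add a filter spec in which `project.external_issue_tracker.title` and `link_text` contain a double quote and an angle bracket, and assert that the rendered `title` attribute and the link body carry the entity forms. The same spec would also catch a later change that moves the `escape_once` calls back out of the template.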
lib/banzai/filter/label_reference_filter.rb
...
...
@@ -60,7 +60,7 @@ module Banzai
text
=
link_text
||
render_colored_label
(
label
)
%(<a href="#{url}" #{data}
class="#{klass}">#{
text
}</a>)
class="#{klass}">#{
escape_once(text)
}</a>)
else
match
end
...
...
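Review bot: `escape_once(text)` is applied here to `link_text || render_colored_label(label)`, so the label markup survives only if `render_colored_label` returns an html_safe string and `escape_once` lets it through (the `html_safe?` branch added in reference_filter.rb). That dependency is invisible at this call site. Please add a comment noting it, and a spec asserting both that a default label reference still renders its colored markup and that a `link_text` containing markup is escaped.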
lib/banzai/filter/reference_filter.rb
...
...
@@ -44,11 +44,11 @@ module Banzai
# Returns a String
def
data_attribute
(
attributes
=
{})
attributes
[
:reference_filter
]
=
self
.
class
.
name
.
demodulize
attributes
.
map
{
|
key
,
value
|
%Q(data-
#{
key
.
to_s
.
dasherize
}
="
#{
value
}
")
}.
join
(
" "
)
attributes
.
map
{
|
key
,
value
|
%Q(data-
#{
key
.
to_s
.
dasherize
}
="
#{
escape_once
(
value
)
}
")
}.
join
(
" "
)
end
def
escape_once
(
html
)
ERB
::
Util
.
html_escape_once
(
html
)
html
.
html_safe?
?
html
:
ERB
::
Util
.
html_escape_once
(
html
)
end
def
ignore_parents
...
...
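Review bot: the new `html.html_safe? ? html : ...` branch in `escape_once` turns the helper into a trust decision: any value marked html_safe upstream now reaches the `title`, link body and `data-*` positions unescaped. The "Returns a String" comment style above `data_attribute` suggests this file documents its helpers, so please add a comment on `escape_once` stating which callers are expected to pass html_safe input and that user-supplied text must never be marked that way. Also note that `html_escape_once` leaves existing entities untouched, so input that already contains something like `&lt;` is emitted as is; worth one line in the comment so nobody relies on it for exact round-tripping.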
lib/banzai/filter/user_reference_filter.rb
...
...
@@ -122,7 +122,7 @@ module Banzai
end
def
link_tag
(
url
,
data
,
text
)
%(<a href="#{url}" #{data} class="#{link_class}">#{
text
}</a>)
%(<a href="#{url}" #{data} class="#{link_class}">#{
escape_once(text)
}</a>)
end
end
end
...
...
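Review bot: `link_tag` has no comment saying that `text` is expected raw now that the method escapes it itself. Because `escape_once` passes html_safe strings through unchanged (see reference_filter.rb), a caller that marks its text html_safe to adjust rendering would silently disable the escape here. A short comment above `def link_tag(url, data, text)` stating that text is escaped inside the method and must be passed unescaped and unmarked would prevent that.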