Kirill Smelkov / gitlab-ce / Commits
Commit adf9a518, authored 8 years ago by Stan Hu
Escape HTML in commit titles in system note messages
Closes #17348
parent 2e116227
Showing 3 changed files with 15 additions and 1 deletion (+15 -1)
CHANGELOG (+1 -0)
app/services/system_note_service.rb (+5 -1)
spec/services/system_note_service_spec.rb (+9 -0)
CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.0 (unreleased)
- Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
- Project#open_branches has been cleaned up and no longer loads entire records into memory.
- Escape HTML in commit titles in system note messages
- Log to application.log when an admin starts and stops impersonating a user
- Updated gitlab_git to 10.1.0
- GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
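Review bot: the new `- Escape HTML in commit titles in system note messages` entry carries no issue or merge-request reference, unlike the neighbouring `!3934 (Long Nguyen)` entry; the commit message says it closes #17348, so record that reference in the entry so the release notes point readers at the report behind the fix.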
app/services/system_note_service.rb
@@ -351,7 +351,7 @@ class SystemNoteService
# Returns an Array of Strings
def
self
.
new_commit_summary
(
new_commits
)
new_commits
.
collect
do
|
commit
|
"*
#{
commit
.
short_id
}
-
#{
commit
.
title
}
"
"*
#{
commit
.
short_id
}
-
#{
escape_html
(
commit
.
title
)
}
"
end
end
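Review bot: escaping is now applied inside `new_commit_summary`, at the point the note body string is built, so the entity-encoded title is what gets persisted with the note rather than being applied at render time; confirm that the pipeline which renders system note bodies does not escape again, otherwise titles containing `<`, `>` or `&` will display double-encoded. `commit.short_id` is still interpolated unescaped, which is fine for an abbreviated hex id, but a one-line comment on the method stating that only the title is user-controlled would make the asymmetry clearly deliberate.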
@@ -433,4 +433,8 @@ class SystemNoteService
body
=
"Moved
#{
direction
}
#{
cross_reference
}
"
create_note
(
noteable:
noteable
,
project:
project
,
author:
author
,
note:
body
)
end
def
self
.
escape_html
(
text
)
Rack
::
Utils
.
escape_html
(
text
)
end
end
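Review bot: `self.escape_html` is added as a public class method at the bottom of `SystemNoteService`, widening the service's interface for what is an internal helper; add `private_class_method :escape_html` after the definition, or group it with the other private helpers. Also note that `Rack::Utils.escape_html` in Rack 1.x encodes `/` as `&#x2F;` and `'` as `&#x27;` in addition to `&`, `<`, `>` and `"`, so any commit title containing a slash is stored with entity-encoded slashes in the note body; `ERB::Util.html_escape` is the Rails-conventional helper for this and leaves `/` untouched.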
spec/services/system_note_service_spec.rb
@@ -506,6 +506,15 @@ describe SystemNoteService, services: true do
end
end
describe
'.new_commit_summary'
do
it
'escapes HTML titles'
do
commit
=
double
(
title:
'<pre>This is a test</pre>'
,
short_id:
'12345678'
)
escaped
=
'* 12345678 - <pre>This is a test</pre>'
expect
(
described_class
.
new_commit_summary
([
commit
])).
to
eq
([
escaped
])
end
end
include
JiraServiceHelper
describe
'JIRA integration'
do
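Review bot: as displayed here, the `escaped` expectation `'* 12345678 - <pre>This is a test</pre>'` is byte-for-byte the unescaped interpolation of the `double`'s title, so this example would pass against the pre-fix code as well and does not demonstrate that anything is escaped; the expected string should hold the entity-encoded form, `&lt;pre&gt;This is a test&lt;/pre&gt;`. If the file on disk does contain the entities and the page rendering has decoded them, it is still worth adding a second example with `&` or `"` in the title so the exact encoding contract of `escape_html` is pinned down by the spec.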