Merge branch 'security-djadmin-branch-name-xss' into 'master'

Add html escaping for default branch name See merge request gitlab-org/security/gitlab!1621

Merge branch 'security-djadmin-branch-name-xss' into 'master'
Add html escaping for default branch name See merge request gitlab-org/security/gitlab!1621
28630614 · GitLab Release Tools Bot · b1007c64 · dbdc999e · 28630614
Commit 28630614 authored Aug 02, 2021 by GitLab Release Tools Bot
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

app/views/projects/empty.html.haml app/views/projects/empty.html.haml +4 -4

No files found.
--- a/app/views/projects/empty.html.haml
+++ b/app/views/projects/empty.html.haml
@@ -44,26 +44,26 @@
          :preserve
            git clone #{ content_tag(:span, default_url_to_repo, class: 'js-clone')}
            cd #{h @project.path}
-            git switch -c #{default_branch_name}
+            git switch -c #{h default_branch_name}
            touch README.md
            git add README.md
            git commit -m "add README"
          - if @project.can_current_user_push_to_default_branch?
            %span><
-              git push -u origin #{ default_branch_name }
+              git push -u origin #{h default_branch_name }

      %fieldset
        %h5= _('Push an existing folder')
        %pre.bg-light
          :preserve
            cd existing_folder
-            git init --initial-branch=#{default_branch_name}
+            git init --initial-branch=#{h default_branch_name}
            git remote add origin #{ content_tag(:span, default_url_to_repo, class: 'js-clone')}
            git add .
            git commit -m "Initial commit"
          - if @project.can_current_user_push_to_default_branch?
            %span><
-              git push -u origin #{ default_branch_name }
+              git push -u origin #{h default_branch_name }

      %fieldset
        %h5= _('Push an existing Git repository')