Commit 6daf9677 authored by Robert Speicher's avatar Robert Speicher

Remove persistent XSS vulnerability in `commit_person_link` helper

See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1948
parent ba0f3b6e
Please view this file on the master branch, on stable branches it's out of date.
v 8.4.9
- Remove persistent XSS vulnerability in `commit_person_link` helper
v 8.4.8
- Fix a 2FA authentication spoofing vulnerability.
......
......@@ -152,7 +152,7 @@ module CommitsHelper
options = {
class: "commit-#{options[:source]}-link has_tooltip",
data: { :'original-title' => sanitize(source_email) }
title: source_email
}
if user.nil?
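Review bot: With `sanitize` dropped from the new `title: source_email` line, nothing in this hunk documents why the raw e-mail is safe here: it presumably relies on the tag helper escaping attribute values and on the tooltip treating the title as text, and neither is visible. I would put a comment above the key, such as `# Plain title attribute, escaped by the tag helper; keep user input out of data-original-title`, so a later refactor does not restore the old form. A helper spec that feeds an author e-mail containing markup and asserts the rendered link contains it only in escaped form would pin the fix; no spec change appears on this page. The method that builds and consumes `options` starts and ends outside the hunk.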
......
......@@ -40,7 +40,7 @@ module ProjectsHelper
link_to(author_html, user_path(author), class: "author_link").html_safe
else
title = opts[:title].sub(":name", sanitize(author.name))
link_to(author_html, user_path(author), class: "author_link has_tooltip", data: { :'original-title' => title, container: 'body' } ).html_safe
link_to(author_html, user_path(author), class: "author_link has_tooltip", title: title, data: { container: 'body' } ).html_safe
end
end
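Review bot: The new `link_to` line moves the tooltip text to `title: title`, but the context line above still builds it with `sanitize(author.name)`, unlike the `commit_person_link` change where `sanitize` was dropped. If the title is now shown as text, a name such as `Tom & Jerry` would likely be encoded twice and display as `Tom &amp; Jerry`; if the tooltip still renders HTML, the sanitizer is the only filter and should be described as such. Either way a one-line comment stating which layer is responsible, e.g. `# title is attribute-escaped by link_to; sanitize only strips markup from the name`, would make the intent reviewable. The trailing `.html_safe` on the `link_to` result also looks redundant, since `link_to` already returns a safe buffer. The enclosing method starts outside the hunk, so `author_html` and `opts[:title]` could not be checked.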
......