Commit ac73df36 authored by Phil Hughes's avatar Phil Hughes

Correctly escape special characters in Vue file listing routes

Closes https://gitlab.com/gitlab-org/gitlab/issues/202123
parent 0f29bc50
......@@ -45,7 +45,7 @@ export default {
currentPath: {
type: String,
required: false,
default: '/',
default: '',
},
canCollaborate: {
type: Boolean,
......@@ -107,7 +107,7 @@ export default {
return acc.concat({
name,
path,
to: `/-/tree/${escape(this.ref)}${path}`,
to: `/-/tree/${escape(this.ref)}${escape(path)}`,
});
},
[
......@@ -133,7 +133,7 @@ export default {
},
{
attrs: {
href: `${this.newBlobPath}${this.currentPath}`,
href: `${this.newBlobPath}/${this.currentPath ? escape(this.currentPath) : ''}`,
class: 'qa-new-file-option',
},
text: __('New file'),
......
......@@ -28,7 +28,7 @@ export default {
return splitArray.join('/');
},
parentRoute() {
return { path: `/-/tree/${escape(this.commitRef)}/${this.parentPath}` };
return { path: `/-/tree/${escape(this.commitRef)}/${escape(this.parentPath)}` };
},
},
methods: {
......
......@@ -90,7 +90,7 @@ export default {
},
computed: {
routerLinkTo() {
return this.isFolder ? { path: `/-/tree/${escape(this.ref)}/${this.path}` } : null;
return this.isFolder ? { path: `/-/tree/${escape(this.ref)}/${escape(this.path)}` } : null;
},
iconName() {
return `fa-${getIconName(this.type, this.path)}`;
......
......@@ -100,7 +100,7 @@ export default function setupVueRepositoryList() {
render(h) {
return h(TreeActionLink, {
props: {
path: `${historyLink}/${this.$route.params.path || ''}`,
path: `${historyLink}/${this.$route.params.path ? escape(this.$route.params.path) : ''}`,
text: __('History'),
},
});
......
......@@ -27,9 +27,8 @@ export function fetchLogsTree(client, path, offset, resolver = null) {
fetchpromise = axios
.get(
`${gon.relative_url_root}/${projectPath}/-/refs/${escape(ref)}/logs_tree/${path.replace(
/^\//,
'',
`${gon.relative_url_root}/${projectPath}/-/refs/${escape(ref)}/logs_tree/${escape(
path.replace(/^\//, ''),
)}`,
{
params: { format: 'json', offset },
......
......@@ -33,6 +33,17 @@ describe('Repository breadcrumbs component', () => {
expect(vm.findAll(RouterLinkStub).length).toEqual(linkCount);
});
it('escapes hash in directory path', () => {
factory('app/assets/javascripts#');
expect(
vm
.findAll(RouterLinkStub)
.at(3)
.props('to'),
).toEqual('/-/tree//app/assets/javascripts%23');
});
it('renders last link as active', () => {
factory('app/assets');
......
......@@ -34,6 +34,7 @@ describe('Repository parent row component', () => {
path | to
${'app'} | ${'/-/tree/master/'}
${'app/assets'} | ${'/-/tree/master/app'}
${'app/assets#/test'} | ${'/-/tree/master/app/assets%23'}
`('renders link in $path to $to', ({ path, to }) => {
factory(path);
......
......@@ -95,6 +95,22 @@ describe('Repository table row component', () => {
});
});
it('pushes new route for directory with hash', () => {
factory({
id: '1',
sha: '123',
path: 'test#',
type: 'tree',
currentPath: '/',
});
return vm.vm.$nextTick().then(() => {
vm.trigger('click');
expect($router.push).toHaveBeenCalledWith({ path: '/-/tree/master/test%23' });
});
});
it.each`
type | pushes
${'tree'} | ${true}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment