Commit e580bd8c authored by Jacob Schatz's avatar Jacob Schatz Committed by Robert Speicher

Merge branch 'issue_15434' into 'master'

Fixes XSS injection

REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434

**Without the fix**

![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif)


**With the fix**

![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif)


See merge request !1952
parent f02c5cc7
class @CommitsList class @CommitsList
@timer = null @timer = null
@init: (ref, limit) -> @init: (limit) ->
$("body").on "click", ".day-commits-table li.commit", (event) -> $("body").on "click", ".day-commits-table li.commit", (event) ->
if event.target.nodeName != "A" if event.target.nodeName != "A"
location.href = $(this).attr("url") location.href = $(this).attr("url")
......
...@@ -36,4 +36,4 @@ ...@@ -36,4 +36,4 @@
= spinner = spinner
:javascript :javascript
CommitsList.init("#{@ref}", #{@limit}); CommitsList.init(#{@limit});
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment