Skip to content

G
gitlab-ce
Commit ef854625 authored by Nick Thomas's avatar Nick Thomas
Browse files
Options

Prevent an XSS vector in the add approver email

parent 3b590dbe
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 1 deletion
ee/app/views/notify/add_merge_request_approver_email.html.haml
View file @ ef854625
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
%div %div
#{link_to @updated_by.name, user_url(@updated_by)} added you as an approver for: #{link_to @updated_by.name, user_url(@updated_by)} added you as an approver for:
%p.details %p.details
!= merge_path_description(@merge_request, '→') = merge_path_description(@merge_request, '→')
- if @merge_request.assignees.any? - if @merge_request.assignees.any?
%p %p
......
ee/changelogs/unreleased/security-fix-email-xss-master.yml 0 → 100644
View file @ ef854625
---
title: Prevent an XSS vector in the add approver email
merge_request:
author:
type: security
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7