Commit b5a1c9ff authored by Fatih Acet's avatar Fatih Acet

Merge branch 'label-dropdown-encode' into 'master'

Fixed escaping issue with labels filter

## What does this MR do?

Encodes label names to stop any JS errors.

## What are the relevant issue numbers?

Closes #15552

See merge request !6123
parents 46b5fc2c 97d6f5b6
...@@ -556,7 +556,7 @@ ...@@ -556,7 +556,7 @@
if (isInput) { if (isInput) {
field = $(this.el); field = $(this.el);
} else { } else {
field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + value + "']"); field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + escape(value) + "']");
} }
if (el.hasClass(ACTIVE_CLASS)) { if (el.hasClass(ACTIVE_CLASS)) {
el.removeClass(ACTIVE_CLASS); el.removeClass(ACTIVE_CLASS);
......
...@@ -164,7 +164,7 @@ ...@@ -164,7 +164,7 @@
instance.addInput(this.fieldName, label.id); instance.addInput(this.fieldName, label.id);
} }
} }
if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + (this.id(label)) + "']").length) { if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + escape(this.id(label)) + "']").length) {
selectedClass.push('is-active'); selectedClass.push('is-active');
} }
if ($dropdown.hasClass('js-multiselect') && removesAll) { if ($dropdown.hasClass('js-multiselect') && removesAll) {
......
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
- if params[:label_name].present? - if params[:label_name].present?
- if params[:label_name].respond_to?('any?') - if params[:label_name].respond_to?('any?')
- params[:label_name].each do |label| - params[:label_name].each do |label|
= hidden_field_tag "label_name[]", label, id: nil = hidden_field_tag "label_name[]", u(label), id: nil
.dropdown .dropdown
%button.dropdown-menu-toggle.js-label-select.js-multiselect{class: classes.join(' '), type: "button", data: dropdown_data} %button.dropdown-menu-toggle.js-label-select.js-multiselect{class: classes.join(' '), type: "button", data: dropdown_data}
%span.dropdown-toggle-text %span.dropdown-toggle-text
......
...@@ -8,6 +8,7 @@ describe 'Filter issues', feature: true do ...@@ -8,6 +8,7 @@ describe 'Filter issues', feature: true do
let!(:milestone) { create(:milestone, project: project) } let!(:milestone) { create(:milestone, project: project) }
let!(:label) { create(:label, project: project) } let!(:label) { create(:label, project: project) }
let!(:issue1) { create(:issue, project: project) } let!(:issue1) { create(:issue, project: project) }
let!(:wontfix) { create(:label, project: project, title: "Won't fix") }
before do before do
project.team << [user, :master] project.team << [user, :master]
...@@ -107,6 +108,15 @@ describe 'Filter issues', feature: true do ...@@ -107,6 +108,15 @@ describe 'Filter issues', feature: true do
end end
expect(find('.js-label-select .dropdown-toggle-text')).to have_content(label.title) expect(find('.js-label-select .dropdown-toggle-text')).to have_content(label.title)
end end
it 'filters by wont fix labels' do
find('.dropdown-menu-labels a', text: label.title).click
page.within '.labels-filter' do
expect(page).to have_content wontfix.title
click_link wontfix.title
end
expect(find('.js-label-select .dropdown-toggle-text')).to have_content(wontfix.title)
end
end end
describe 'Filter issues for assignee and label from issues#index' do describe 'Filter issues for assignee and label from issues#index' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment