Commit 27b71e80 authored Feb 16, 2018 by Sean McGivern

Merge branch 'dm-escape-commit-message' into 'master'

Escape HTML entities in commit messages

Closes #42833

See merge request gitlab-org/gitlab-ce!17144

parents 06004734 e090366f

Showing 4 changed files with 12 additions and 8 deletions

changelogs/unreleased/dm-escape-commit-message.yml +5 -0
lib/banzai/filter/html_entity_filter.rb +1 -1
spec/helpers/events_helper_spec.rb +4 -0
spec/lib/banzai/filter/html_entity_filter_spec.rb +2 -7

changelogs/unreleased/dm-escape-commit-message.yml
0 → 100644
---
title
:
Escape HTML entities in commit messages
merge_request
:
author
:
type
:
fixed
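Review bot: `merge_request:` is left empty in this changelog entry, although the merge commit message names the merge request as gitlab-org/gitlab-ce!17144. Set `merge_request: 17144` so the generated changelog line links back to the review of this escaping change.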
lib/banzai/filter/html_entity_filter.rb
...
...
@@ -5,7 +5,7 @@ module Banzai
# Text filter that escapes these HTML entities: & " < >
class
HtmlEntityFilter
<
HTML
::
Pipeline
::
TextFilter
def
call
ERB
::
Util
.
html_escape
_once
(
text
)
ERB
::
Util
.
html_escape
(
text
)
end
end
end
...
...
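Review bot: the comment above `HtmlEntityFilter` still reads `escapes these HTML entities: & " < >`, which no longer describes the contract once `call` uses `ERB::Util.html_escape(text)` in place of `html_escape_once`. `html_escape` also rewrites the `&` of an entity that is already present (`&amp;` becomes `&amp;amp;`) and escapes `'` too, so the comment should say that the filter expects raw, not previously escaped, text and always escapes it. Any caller that hands this filter text escaped at an earlier stage will now show literal entities to the user, so the call sites are worth checking as part of this change.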
spec/helpers/events_helper_spec.rb
...
...
@@ -20,5 +20,9 @@ describe EventsHelper do
it
'handles nil values'
do
expect
(
helper
.
event_commit_title
(
nil
)).
to
eq
(
''
)
end
it
'does not escape HTML entities'
do
expect
(
helper
.
event_commit_title
(
"foo & bar"
)).
to
eq
(
"foo & bar"
)
end
end
end
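Review bot: the added example 'does not escape HTML entities' exercises only `&` and only compares strings. Because the helper is expected to return the title unescaped, the escaping has to happen where the title is rendered, so the spec should also pin that the return value is not marked safe, for instance `expect(helper.event_commit_title('<b>x</b>')).not_to be_html_safe`. Without that, a later change that marks the string as safe would still pass this spec while letting markup from a commit title through.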
spec/lib/banzai/filter/html_entity_filter_spec.rb
...
...
@@ -3,17 +3,12 @@ require 'spec_helper'
describe
Banzai
::
Filter
::
HtmlEntityFilter
do
include
FilterSpecHelper
let
(
:unescaped
)
{
'foo <strike attr="foo">&&&</strike>'
}
let
(
:escaped
)
{
'foo <strike attr="foo">&&&</strike>'
}
let
(
:unescaped
)
{
'foo <strike attr="foo">&&
amp;
&</strike>'
}
let
(
:escaped
)
{
'foo <strike attr="foo">&&
amp;
&</strike>'
}
it
'converts common entities to their HTML-escaped equivalents'
do
output
=
filter
(
unescaped
)
expect
(
output
).
to
eq
(
escaped
)
end
it
'does not double-escape'
do
escaped
=
ERB
::
Util
.
html_escape
(
"Merge branch 'blabla' into 'master'"
)
expect
(
filter
(
escaped
)).
to
eq
(
escaped
)
end
end
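Review bot: with the 'does not double-escape' example dropped (the file summary shows +2 -7), the new behaviour for input that already contains an entity is only implied by the `amp;` inside the `:unescaped` / `:escaped` fixtures, under an example named 'converts common entities to their HTML-escaped equivalents'. Add a dedicated example that states the intent, such as 'escapes entities that are already encoded', and include a `'` in the fixture, since the attribute in the sample uses only double quotes and the single-quote case of `html_escape` is untested.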