BigW Consortium Gitlab

Use only escaped auto_link

parent 90c96d1d
...@@ -259,4 +259,8 @@ module ApplicationHelper ...@@ -259,4 +259,8 @@ module ApplicationHelper
super super
end end
def escaped_autolink(text)
auto_link ERB::Util.html_escape(text), link: :urls
end
end end
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
= @group.name = @group.name
- if @group.description.present? - if @group.description.present?
%p %p
= auto_link @group.description, link: :urls = escaped_autolink(@group.description)
= render "projects", projects: @projects = render "projects", projects: @projects
- if current_user - if current_user
.prepend-top-20 .prepend-top-20
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
.project-home-row .project-home-row
.project-home-desc .project-home-desc
- if @project.description.present? - if @project.description.present?
= auto_link ERB::Util.html_escape(@project.description), link: :urls = escaped_autolink(@project.description)
- if can?(current_user, :admin_project, @project) - if can?(current_user, :admin_project, @project)
– –
= link_to 'Edit', edit_project_path = link_to 'Edit', edit_project_path
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment