BigW Consortium Gitlab

Commit a8452529 by Arinde Eniola

get the multi filter labels feature to work on merge request, also escape…

get the multi filter labels feature to work on merge request, also escape characters in the templates to prevent xss attack
parent bea34843
......@@ -58,6 +58,7 @@ class Dispatcher
when 'projects:merge_requests:index'
shortcut_handler = new ShortcutsNavigation()
MergeRequests.init()
Issues.init()
when 'dashboard:activity'
new Activities()
when 'dashboard:projects:starred'
......
......@@ -21,7 +21,7 @@
Issue.labelRow = _.template(
'<% _.each(labels, function(label){ %>
<span class="label-row">
<a href="#"><span class="label color-label has-tooltip" style="background-color: <%= label.color %>; color: #FFFFFF" title="<%= label.description %>" data-container="body"><%= label.title %></span></a>
<a href="#"><span class="label color-label has-tooltip" style="background-color: <%= label.color %>; color: #FFFFFF" title="<%= _.escape(label.description) %>" data-container="body"><%= _.escape(label.title) %></span></a>
</span>
<% }); %>'
)
......
......@@ -3,7 +3,6 @@
#
@MergeRequests =
init: ->
$('.filtered-labels').hide()
MergeRequests.initSearch()
# Make sure we trigger ajax request only after user stop typing
......
......@@ -38,13 +38,14 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@merge_requests = @merge_requests.page(params[:page])
@merge_requests = @merge_requests.preload(:target_project)
@label = @project.labels.find_by(title: params[:label_name])
@labels = @project.labels.where(title: params[:label_name])
respond_to do |format|
format.html
format.json do
render json: {
html: view_to_html_string("projects/merge_requests/_merge_requests")
html: view_to_html_string("projects/merge_requests/_merge_requests"),
labels: @labels
}
end
end
......
......@@ -46,7 +46,7 @@
.filter-item.inline
= button_tag "Update issues", class: "btn update_selected_issues btn-save"
.gray-content-block.second-block.filtered-labels{ class: ("hidden" if !@labels) }
.gray-content-block.second-block.filtered-labels
- if @labels
= render "shared/labels_row", labels: @labels
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment