- 09 Nov, 2016 2 commits
-
-
Douwe Maan authored
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
disable markdown in comments when referencing disabled features

fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548

This MR prevents the following references when tool is disabled:

  - issues
  - snippets
  - commits - when repo is disabled
  - commit range - when repo is disabled
  - milestones

This MR does not prevent references to repository files, since they are just markdown links and don't leak information.

See merge request !2011

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 01 Nov, 2016 1 commit
-
-
panjan authored
Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/18096
-
- 24 Oct, 2016 1 commit
-
-
winniehell authored
-
- 19 Oct, 2016 2 commits
-
-
Douglas Barbosa Alexandre authored
-
Felipe Artur authored
-
- 18 Oct, 2016 2 commits
-
-
the-undefined authored
Ensure that external URLs with non-lowercase protocols will be attributed with 'nofollow noreferrer' and open up in a new window.

Covers the edge cases to skip:

  - HTTPS schemes
  - relative links

Closes #22782
-
amaia authored
-
- 16 Oct, 2016 1 commit
-
-
Ebrahim Byagowi authored
-
- 13 Oct, 2016 1 commit
-
-
Johan H authored
-
- 11 Oct, 2016 1 commit
-
-
henrik authored
-
- 10 Oct, 2016 1 commit
-
-
Nick Thomas authored
-
- 08 Oct, 2016 1 commit
-
-
Stan Hu authored
-
- 07 Oct, 2016 3 commits
-
-
Nick Thomas authored
This commit alters views for the following models to use the markdown cache if present:

* AbuseReport
* Appearance
* ApplicationSetting
* BroadcastMessage
* Group
* Issue
* Label
* MergeRequest
* Milestone
* Project

At the same time, calls to `escape_once` have been moved into the `single_line` Banzai pipeline, so they can't be missed out by accident and the work is done at save, rather than render, time.
-
Nick Thomas authored
-
Nick Thomas authored
This commit adds a number of _html columns and, with the exception of Note, starts updating them whenever the content of their partner fields changes. Note has a collision with the note_html attr_accessor; that will be fixed later.

A background worker for clearing these cache columns is also introduced - use `rake cache:clear` to set it off. You can clear the database or Redis caches separately by running `rake cache:clear:db` or `rake cache:clear:redis`, respectively.
-
- 04 Oct, 2016 1 commit
-
-
Phil Hughes authored
-
- 03 Oct, 2016 2 commits
-
-
Katarzyna Kobierska authored
-
Katarzyna Kobierska authored
-
- 30 Sep, 2016 1 commit
-
-
Jared Deckard authored
-
- 14 Sep, 2016 1 commit
-
-
Qingping Hou authored
-
- 31 Aug, 2016 1 commit
-
-
winniehell authored
-
- 30 Aug, 2016 1 commit
-
-
http://jneen.net/ authored
-
- 04 Aug, 2016 1 commit
-
-
winniehell authored
-
- 03 Aug, 2016 1 commit
-
-
Grzegorz Bizon authored
-
- 02 Aug, 2016 2 commits
-
-
winniehell authored
-
winniehell authored
-
- 29 Jul, 2016 1 commit
-
-
Yorick Peterse authored
The method Ability.issues_readable_by_user takes a list of users and an optional user and returns an Array of issues readable by said user. This method in turn is used by Banzai::ReferenceParser::IssueParser#nodes_visible_to_user so this method no longer needs to get all the available abilities just to check if a user has the "read_issue" ability.

To test this I benchmarked an issue with 222 comments on my development environment. Using these changes the time spent in nodes_visible_to_user was reduced from around 120 ms to around 40 ms.
-
- 26 Jul, 2016 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 24 Jul, 2016 1 commit
-
-
winniehell authored
-
- 20 Jul, 2016 1 commit
-
-
Rémy Coutable authored
Handle videos in:

  - MD preview in notes: commit, issue/MR, MR diff
  - New notes in: commit, issue/MR, MR diff
  - Persisted notes in: commit, issue/MR, MR diff

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 19 Jul, 2016 2 commits
-
-
Rémy Coutable authored
Also, always add a link to download videos since video playback is tricky. Also, it solves the issue with email client not supporting videos.

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Eric Hayes authored
* Registered video MIME types
* Currently supporting browser-supported formats with extensions that match the mime type
-
- 18 Jul, 2016 1 commit
-
-
Paco Guzman authored
-
- 16 Jul, 2016 1 commit
-
-
Douwe Maan authored
-
- 14 Jul, 2016 2 commits
-
-
http://jneen.net/ authored
since we've eliminated #block_code
-
http://jneen.net/ authored
-
- 13 Jul, 2016 3 commits
-
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-