- 08 Sep, 2017 1 commit
Douwe Maan authored
[9.5] Prevent a persistent XSS in the commit author block
See merge request gitlab/gitlabhq!2180
- 02 Aug, 2017 1 commit
Robert Speicher authored
- 21 Jun, 2017 1 commit
Grzegorz Bizon authored
- 23 Feb, 2017 2 commits
Douwe Maan authored
This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
Douwe Maan authored
- 07 Feb, 2017 1 commit
Douwe Maan authored
- 06 Feb, 2017 1 commit
Douwe Maan authored
- 17 Apr, 2016 1 commit
Robert Speicher authored
Because we were incorrectly supplying the tooltip title as `data-original-title` (which Bootstrap's Tooltip JS automatically applies based on the `title` attribute; we should never be setting it directly), the value was being passed through as-is. Instead, we should be supplying the normal `title` attribute and letting Rails escape the value, which also negates the need for us to call `sanitize` on it.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126