- 09 Nov, 2016 2 commits
-
-
Douwe Maan authored
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
disable markdown in comments when referencing disabled features

fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548

This MR prevents the following references when tool is disabled:

  - issues
  - snippets
  - commits - when repo is disabled
  - commit range - when repo is disabled
  - milestones

This MR does not prevent references to repository files, since they are just markdown links and don't leak information.

See merge request !2011

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 01 Nov, 2016 1 commit
-
-
panjan authored
Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/18096
-
- 24 Oct, 2016 1 commit
-
-
winniehell authored
-
- 19 Oct, 2016 2 commits
-
-
Douglas Barbosa Alexandre authored
-
Felipe Artur authored
-
- 18 Oct, 2016 2 commits
-
-
the-undefined authored
Ensure that external URLs with non-lowercase protocols will be attributed with 'nofollow noreferrer' and open up in a new window.

Covers the edge cases to skip:

  - HTTPS schemes
  - relative links

Closes #22782
-
amaia authored
-
- 13 Oct, 2016 1 commit
-
-
Johan H authored
-
- 11 Oct, 2016 1 commit
-
-
henrik authored
-
- 10 Oct, 2016 1 commit
-
-
Nick Thomas authored
-
- 07 Oct, 2016 1 commit
-
-
Nick Thomas authored
This commit alters views for the following models to use the markdown cache if present:

  * AbuseReport
  * Appearance
  * ApplicationSetting
  * BroadcastMessage
  * Group
  * Issue
  * Label
  * MergeRequest
  * Milestone
  * Project

At the same time, calls to `escape_once` have been moved into the `single_line` Banzai pipeline, so they can't be missed out by accident and the work is done at save, rather than render, time.
-
- 04 Oct, 2016 1 commit
-
-
Phil Hughes authored
-
- 03 Oct, 2016 2 commits
-
-
Katarzyna Kobierska authored
-
Katarzyna Kobierska authored
-
- 30 Sep, 2016 1 commit
-
-
Jared Deckard authored
-
- 31 Aug, 2016 1 commit
-
-
winniehell authored
-
- 04 Aug, 2016 1 commit
-
-
winniehell authored
-
- 03 Aug, 2016 1 commit
-
-
Grzegorz Bizon authored
-
- 02 Aug, 2016 2 commits
-
-
winniehell authored
-
winniehell authored
-
- 26 Jul, 2016 1 commit
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 24 Jul, 2016 1 commit
-
-
winniehell authored
-
- 20 Jul, 2016 1 commit
-
-
Rémy Coutable authored
Handle videos in:

  - MD preview in notes: commit, issue/MR, MR diff
  - New notes in: commit, issue/MR, MR diff
  - Persisted notes in: commit, issue/MR, MR diff

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 19 Jul, 2016 2 commits
-
-
Rémy Coutable authored
Also, always add a link to download videos since video playback is tricky. Also, it solves the issue with email client not supporting videos.

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Eric Hayes authored
  * Registered video MIME types
  * Currently supporting browser-supported formats with extensions that match the mime type
-
- 18 Jul, 2016 1 commit
-
-
Paco Guzman authored
-
- 16 Jul, 2016 1 commit
-
-
Douwe Maan authored
-
- 14 Jul, 2016 2 commits
-
-
http://jneen.net/ authored
since we've eliminated #block_code
-
http://jneen.net/ authored
-
- 13 Jul, 2016 3 commits
-
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
- 10 Jul, 2016 2 commits
-
-
Douwe Maan authored
-
Douwe Maan authored
-
- 05 Jul, 2016 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 30 Jun, 2016 1 commit
-
-
Yorick Peterse authored
IssueReferenceFilter will end up processing internal issue references when a project uses an external issues tracker while still using internal issue references (in the form of `#\d+`). This commit ensures that these links are rendered as external issue links, regardless of whether the project one currently views uses an internal or external issues tracker.

Fixes gitlab-org/gitlab-ce#19036, gitlab-com/performance#16
-
- 27 Jun, 2016 1 commit
-
-
Connor Shea authored
Add max-height to prevent images from displaying larger than the provided screen size. Also fix a failing test and add a new one.
-
- 21 Jun, 2016 2 commits
-
-
Yorick Peterse authored
In the past this class would use Project#get_issue to retrieve an issue by its ID. This method would automatically determine whether to return an Issue or ExternalIssue. This commit changes IssueReferenceFilter to handle external issues again and in a somewhat more explicit manner than before.

Fixes gitlab-org/gitlab-ce#18827
-
Alejandro Rodríguez authored
A lot of git operations were being repeated, for example, to build a url you would ask if the path was a Tree, which would call a recursive routine in Gitlab::Git::Tree#where, then ask if the path was a Blob, which would call a recursive routine at Gitlab::Git::Blob#find, making reference to the same git objects several times. Now we call Rugged::Tree#path, which allows us to determine the type of the path in one pass. Some other minor improvement added, like saving commonly used references instead of calculating them each time.
-