diff options
author | Sean McGivern <sean@mcgivern.me.uk> | 2016-10-19 13:56:08 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-10-20 17:02:58 +0200 |
commit | 9adc3f4ca3ceee01f6abf6ec6ea29a02d045244c (patch) | |
tree | 005b2021d2f490651a1f16b439f74b5416a5d1f0 | |
parent | 38e4d464fbafd02e8db688487502c1b7033b2373 (diff) | |
download | gitlab-ce-9adc3f4ca3ceee01f6abf6ec6ea29a02d045244c.tar.gz |
Merge branch 'fix-escaping' into 'master'
fix: commit messages being double-escaped in activities tab
See merge request !6937
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | lib/banzai/filter/html_entity_filter.rb | 2 | ||||
-rw-r--r-- | spec/lib/banzai/filter/html_entity_filter_spec.rb | 5 |
3 files changed, 7 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 08cc9e19bb2..8ab13ccd13d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -126,6 +126,7 @@ Please view this file on the master branch, on stable branches it's out of date. - Cleanup Ci::ApplicationController. !6757 (Takuya Noguchi) - Fixes padding in all clipboard icons that have .btn class - Fix a typo in doc/api/labels.md + - Fix double-escaping in activities tab (Alexandre Maia) - API: all unknown routing will be handled with 404 Not Found - Add docs for request profiling - Delete dynamic environments diff --git a/lib/banzai/filter/html_entity_filter.rb b/lib/banzai/filter/html_entity_filter.rb index e008fd428b0..f3bd587c28b 100644 --- a/lib/banzai/filter/html_entity_filter.rb +++ b/lib/banzai/filter/html_entity_filter.rb @@ -5,7 +5,7 @@ module Banzai # Text filter that escapes these HTML entities: & " < > class HtmlEntityFilter < HTML::Pipeline::TextFilter def call - ERB::Util.html_escape(text) + ERB::Util.html_escape_once(text) end end end diff --git a/spec/lib/banzai/filter/html_entity_filter_spec.rb b/spec/lib/banzai/filter/html_entity_filter_spec.rb index 4c68ce6d6e4..f9e6bd609f0 100644 --- a/spec/lib/banzai/filter/html_entity_filter_spec.rb +++ b/spec/lib/banzai/filter/html_entity_filter_spec.rb @@ -11,4 +11,9 @@ describe Banzai::Filter::HtmlEntityFilter, lib: true do expect(output).to eq(escaped) end + + it 'does not double-escape' do + escaped = ERB::Util.html_escape("Merge branch 'blabla' into 'master'") + expect(filter(escaped)).to eq(escaped) + end end |