diff options
| author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-06-29 18:26:21 -0300 |
|---|---|---|
| committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-07-05 20:59:33 -0300 |
| commit | e87ed41876effa6c24cb521aeb8470d18bf52b12 (patch) | |
| tree | ae4a56f579e8abf5529d99250029f9ead13882bd | |
| parent | 5d11cf2e98156c7fff403c3d8375da6f9b7edbf3 (diff) | |
| download | gitlab-ce-e87ed41876effa6c24cb521aeb8470d18bf52b12.tar.gz | |
Render label name contains ?, & in the labels dropdown without escaping
| -rw-r--r-- | app/assets/javascripts/labels_select.js.coffee | 4 | ||||
| -rw-r--r-- | app/views/shared/_labels_row.html.haml | 7 |
2 files changed, 5 insertions, 6 deletions
diff --git a/app/assets/javascripts/labels_select.js.coffee b/app/assets/javascripts/labels_select.js.coffee index b88bc402801..3b826a6af97 100644 --- a/app/assets/javascripts/labels_select.js.coffee +++ b/app/assets/javascripts/labels_select.js.coffee @@ -261,7 +261,7 @@ class @LabelsSelect $a.attr('data-label-id', label.id) $a.addClass(selectedClass.join(' ')) - .html("#{colorEl} #{_.escape(label.title)}") + .html("#{colorEl} #{label.title}") # Return generated html $li.html($a).prop('outerHTML') @@ -288,7 +288,7 @@ class @LabelsSelect fieldName: $dropdown.data('field-name') id: (label) -> if $dropdown.hasClass("js-filter-submit") and not label.isAny? - _.escape label.title + label.title else label.id diff --git a/app/views/shared/_labels_row.html.haml b/app/views/shared/_labels_row.html.haml index 5507a05f6c1..dce492352ac 100644 --- a/app/views/shared/_labels_row.html.haml +++ b/app/views/shared/_labels_row.html.haml @@ -1,10 +1,9 @@ - labels.each do |label| - %span.label-row.btn-group{ role: "group", aria: { label: escape_once(label.name) }, style: "color: #{text_color_for_bg(label.color)}" } - = link_to label_filter_path(@project, label, type: controller.controller_name), + %span.label-row.btn-group{ role: "group", aria: { label: label.name }, style: "color: #{text_color_for_bg(label.color)}" } + = link_to label.name, label_filter_path(@project, label, type: controller.controller_name), class: "btn btn-transparent has-tooltip", style: "background-color: #{label.color};", title: escape_once(label.description), - data: { container: "body" } do - = escape_once label.name + data: { container: "body" } %button.btn.btn-transparent.label-remove.js-label-filter-remove{ type: "button", style: "background-color: #{label.color};", data: { label: label.title } } = icon("times") |