author | Josh Frye <joshfng@gmail.com> | 2016-01-12 14:15:59 -0500 |
---|---|---|
committer | Josh Frye <joshfng@gmail.com> | 2016-01-12 14:15:59 -0500 |
commit | 95e76aa0516e5d4e83457dfd80fcee42f6f92b91 (patch) | |
tree | a7d6baecb5b60bf8e1dfefb1bfc33c89fde7b659 | |
parent | 62aebc8541a164e3935cdeef335659bf4dc97839 (diff) | |
download | gitlab-ce-abuse-autofill-message.tar.gz |
sanitize user supplied input. (abuse-autofill-message)
-rw-r--r-- | CHANGELOG | 1 |
-rw-r--r-- | app/views/abuse_reports/new.html.haml | 2 |
2 files changed, 1 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG index df1d281ce28..7dd17251663 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -42,7 +42,6 @@ v 8.4.0 (unreleased) - Ajax filter by message for commits page - API: Add support for deleting a tag via the API (Robert Schilling) - Allow subsequent validations in CI Linter - - Autofill referring url in message box when reporting user abuse. (Josh Frye) v 8.3.4 - Use gitlab-workhorse 0.5.4 (fixes API routing bug) diff --git a/app/views/abuse_reports/new.html.haml b/app/views/abuse_reports/new.html.haml index 8d31182a3e6..f125ecf7be5 100644 --- a/app/views/abuse_reports/new.html.haml +++ b/app/views/abuse_reports/new.html.haml @@ -16,7 +16,7 @@ .form-group = f.label :message, class: 'control-label' .col-sm-10 - = f.text_area :message, class: "form-control js-quick-submit", rows: 2, required: true, value: @ref_url + = f.text_area :message, class: "form-control js-quick-submit", rows: 2, required: true, value: sanitize(@ref_url) .help-block Explain the problem with this user. If appropriate, provide a link to the relevant issue or comment. |
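Review bot: The CHANGELOG hunk under v 8.4.0 drops the line "- Autofill referring url in message box when reporting user abuse. (Josh Frye)", yet the view hunk in this same commit still passes @ref_url as the text area's value, so the autofill behaviour remains and is left without a changelog entry. Restore the entry, or if the removal is intentional, say why in the commit message, which currently mentions only sanitizing input.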
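Review bot: On the f.text_area line in app/views/abuse_reports/new.html.haml, sanitize(@ref_url) is Rails' HTML allowlist filter: it strips disallowed markup but does not check that the value is a URL, and the text_area helper already HTML-escapes its value when rendering. Since the field is prefilled with a referring URL, consider validating the value where @ref_url is assigned (not shown in this diff), for example accepting only http/https URLs and leaving the message empty otherwise, and add a spec that renders this form with a value containing markup.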