authorMakoto Scott-Hinkle <makoto@teamtreehouse.com>2016-09-26 16:47:34 -0700
committerMakoto Scott-Hinkle <makoto.scotthinkle@gmail.com>2016-09-26 21:19:42 -0700
commitf837238a99075fd6cf7cdc2e1a3acf0fb7e139c6 (patch)
treecc0a671061ceba3e788e0528c0a2e00cd5643e9d
parentab496d82ecd1cc675d10fc30a3af279ad4ab1edf (diff)
downloadgitlab-ce-f837238a99075fd6cf7cdc2e1a3acf0fb7e139c6.tar.gz
Allowing ">" to be used for Milestone models's title and storing the value in db as unescaped.
Updating test value for milestone title. Adding API test for title with reserved HTML characters. Updating changelog. Adding the MR number for fixing bug #22452. Removing duplicate line. Updating MR number.
-rw-r--r--CHANGELOG1
-rw-r--r--app/models/milestone.rb6
-rw-r--r--spec/models/milestone_spec.rb4
-rw-r--r--spec/requests/api/milestones_spec.rb8
4 files changed, 16 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 5b08e8cd754..762cbbf3a0f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ v 8.13.0 (unreleased)
- Speed-up group milestones show page
- Fix robots.txt disallowing access to groups starting with "s" (Matt Harrison)
- Revoke button in Applications Settings underlines on hover.
+ - Fix unnecessary escaping of reserved HTML characters in milestone title. !6533
v 8.12.2 (unreleased)
- Fix Import/Export not recognising correctly the imported services.
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index 2bd7f198030..44c3cbb2c73 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -158,7 +158,7 @@ class Milestone < ActiveRecord::Base
end
def title=(value)
- write_attribute(:title, Sanitize.clean(value.to_s)) if value.present?
+ write_attribute(:title, sanitize_title(value)) if value.present?
end
# Sorts the issues for the given IDs.
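Review bot: The setter now persists the title as unescaped plain text, but nothing at the definition says so, and the old `Sanitize.clean` line was the only hint that this column was ever treated as HTML-safe. I would add above `def title=(value)` a comment such as `# Strips HTML tags from the title and stores the remaining text UNESCAPED (see sanitize_title); treat the column as plain text and HTML-escape it in every renderer.` so a later reader does not assume the stored value is safe to emit raw. Note also that the `if value.present?` guard is unchanged, so assigning a blank title still silently keeps the previous value.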
@@ -204,4 +204,8 @@ class Milestone < ActiveRecord::Base
iid
end
end
+
+ def sanitize_title(value)
+ CGI.unescape_html(Sanitize.clean(value.to_s))
+ end
end
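Review bot: The unescape step lets a client store literal markup by submitting it entity-encoded: as I read Sanitize's text serialization, `Sanitize.clean("&lt;script&gt;")` returns `&lt;script&gt;` unchanged (it is already text, not a tag), and `CGI.unescape_html` then writes a bare `<script>` to the column, so the sanitizer no longer guarantees anything about what is stored. That is acceptable only if every consumer treats the title as untrusted text — ERB auto-escaping and the JSON API do, but any view using `raw`/`html_safe` or string-built HTML on `milestone.title` would become an XSS sink; those call sites are outside this diff and should be audited before merge. The method also isn't idempotent: re-assigning a stored `<script>x` runs it through Sanitize again and drops the element, so `milestone.title = milestone.title` loses data. At minimum pin the intended behaviour in the spec, e.g. `expect(build(:milestone, title: "&lt;b&gt;x").title).to eq("<b>x")`, and document the method with `# Returns the tag-stripped text of +value+ with HTML entities decoded; the result may contain raw <, > and & and must be escaped on output.`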
diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb
index d64d6cde2b5..33fe22dd98c 100644
--- a/spec/models/milestone_spec.rb
+++ b/spec/models/milestone_spec.rb
@@ -20,10 +20,10 @@ describe Milestone, models: true do
let(:user) { create(:user) }
describe "#title" do
- let(:milestone) { create(:milestone, title: "<b>test</b>") }
+ let(:milestone) { create(:milestone, title: "<b>foo & bar -> 2.2</b>") }
it "sanitizes title" do
- expect(milestone.title).to eq("test")
+ expect(milestone.title).to eq("foo & bar -> 2.2")
end
end
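Review bot: The updated example only exercises a tag-wrapped title and so does not pin the case the new unescape step makes interesting — input that arrives already entity-encoded. I would add a second example next to it, `it "decodes entity-encoded input" do expect(build(:milestone, title: "&lt;b&gt;x").title).to eq("<b>x") end`, so that a future change to `sanitize_title` (for example reverting the unescape) fails loudly rather than silently changing what gets stored. The expected value assumes Sanitize serializes text nodes with `&lt;`/`&gt;`; please confirm against the gem version in the Gemfile.lock.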
diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb
index b89dac01040..dd192bea432 100644
--- a/spec/requests/api/milestones_spec.rb
+++ b/spec/requests/api/milestones_spec.rb
@@ -104,6 +104,14 @@ describe API::API, api: true do
expect(response).to have_http_status(400)
end
+
+ it 'creates a new project with reserved html characters' do
+ post api("/projects/#{project.id}/milestones", user), title: 'foo & bar 1.1 -> 2.2'
+
+ expect(response).to have_http_status(201)
+ expect(json_response['title']).to eq('foo & bar 1.1 -> 2.2')
+ expect(json_response['description']).to be_nil
+ end
end
describe 'PUT /projects/:id/milestones/:milestone_id' do
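Review bot: The new example's description says `'creates a new project with reserved html characters'` but the request it issues is `POST /projects/:id/milestones`, i.e. it creates a milestone; the mismatch will mislead anyone scanning failures. Rename it to `it 'creates a new milestone with reserved html characters' do`. The `expect(json_response['description']).to be_nil` assertion is unrelated to the escaping fix and could be dropped to keep the example focused, but that is a matter of taste.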