fix: commit messages being double-escaped in activies tab

3 files changed, 7 insertions, 1 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90379e011d6..5d6d5bc591c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -119,6 +119,7 @@ Please view this file on the master branch, on stable branches it's out of date.
   - Cleanup Ci::ApplicationController. !6757 (Takuya Noguchi)
   - Fixes padding in all clipboard icons that have .btn class
   - Fix a typo in doc/api/labels.md
+  - Fix double-escaping in activities tab (Alexandre Maia)
   - API: all unknown routing will be handled with 404 Not Found
   - Add docs for request profiling
   - Make guests unable to view MRs on private projects
diff --git a/lib/banzai/filter/html_entity_filter.rb b/lib/banzai/filter/html_entity_filter.rb
index e008fd428b0..f3bd587c28b 100644
--- a/lib/banzai/filter/html_entity_filter.rb
+++ b/lib/banzai/filter/html_entity_filter.rb
@@ -5,7 +5,7 @@ module Banzai
     # Text filter that escapes these HTML entities: & " < >
     class HtmlEntityFilter < HTML::Pipeline::TextFilter
       def call
-        ERB::Util.html_escape(text)
+        ERB::Util.html_escape_once(text)
       end
     end
   end
diff --git a/spec/lib/banzai/filter/html_entity_filter_spec.rb b/spec/lib/banzai/filter/html_entity_filter_spec.rb
index 4c68ce6d6e4..f9e6bd609f0 100644
--- a/spec/lib/banzai/filter/html_entity_filter_spec.rb
+++ b/spec/lib/banzai/filter/html_entity_filter_spec.rb
@@ -11,4 +11,9 @@ describe Banzai::Filter::HtmlEntityFilter, lib: true do
 
     expect(output).to eq(escaped)
   end
+
+  it 'does not double-escape' do
+    escaped = ERB::Util.html_escape("Merge branch 'blabla' into 'master'")
+    expect(filter(escaped)).to eq(escaped)
+  end
 end