diff options
| author | Connor Shea <connor.james.shea@gmail.com> | 2016-06-21 16:00:01 -0600 |
|---|---|---|
| committer | Connor Shea <connor.james.shea@gmail.com> | 2016-06-29 15:59:30 -0600 |
| commit | 491c213af67ab65ea3f4b40e8cf39558fb378e6b (patch) | |
| tree | 679cca20a70bc6258e56ee4acd6aef22b48779a8 | |
| parent | 65187efa5c7202e8b6429edfd17ad844cd584a32 (diff) | |
| download | gitlab-ce-underscore-templates.tar.gz | |
Fix unescaped strings in Underscore templates.underscore-templates
| -rw-r--r-- | app/assets/javascripts/issuable.js.coffee | 8 | ||||
| -rw-r--r-- | app/assets/javascripts/labels_select.js.coffee | 6 | ||||
| -rw-r--r-- | app/assets/javascripts/milestone_select.js.coffee | 6 | ||||
| -rw-r--r-- | app/assets/javascripts/users_select.js.coffee | 12 |
4 files changed, 16 insertions, 16 deletions
diff --git a/app/assets/javascripts/issuable.js.coffee b/app/assets/javascripts/issuable.js.coffee index 0527c66461c..c71d4ecf505 100644 --- a/app/assets/javascripts/issuable.js.coffee +++ b/app/assets/javascripts/issuable.js.coffee @@ -11,11 +11,11 @@ issuable_created = false initTemplates: -> Issuable.labelRow = _.template( '<% _.each(labels, function(label){ %> - <span class="label-row btn-group" role="group" aria-label="<%= _.escape(label.title) %>" style="color: <%= label.text_color %>;"> - <a href="#" class="btn btn-transparent has-tooltip" style="background-color: <%= label.color %>;" title="<%= _.escape(label.description) %>" data-container="body"> - <%= _.escape(label.title) %> + <span class="label-row btn-group" role="group" aria-label="<%- label.title %>" style="color: <%- label.text_color %>;"> + <a href="#" class="btn btn-transparent has-tooltip" style="background-color: <%- label.color %>;" title="<%- label.description %>" data-container="body"> + <%- label.title %> </a> - <button type="button" class="btn btn-transparent label-remove js-label-filter-remove" style="background-color: <%= label.color %>;" data-label="<%= _.escape(label.title) %>"> + <button type="button" class="btn btn-transparent label-remove js-label-filter-remove" style="background-color: <%- label.color %>;" data-label="<%- label.title %>"> <i class="fa fa-times"></i> </button> </span> diff --git a/app/assets/javascripts/labels_select.js.coffee b/app/assets/javascripts/labels_select.js.coffee index e95fd96a83f..ce859fedb2d 100644 --- a/app/assets/javascripts/labels_select.js.coffee +++ b/app/assets/javascripts/labels_select.js.coffee @@ -32,9 +32,9 @@ class @LabelsSelect if issueUpdateURL labelHTMLTemplate = _.template( '<% _.each(labels, function(label){ %> - <a href="<%= ["",issueURLSplit[1], issueURLSplit[2],""].join("/") %>issues?label_name[]=<%= _.escape(label.title) %>"> - <span class="label has-tooltip color-label" title="<%= _.escape(label.description) %>" style="background-color: <%= label.color %>; color: <%= label.text_color %>;"> - <%= _.escape(label.title) %> + <a href="<%- ["",issueURLSplit[1], issueURLSplit[2],""].join("/") %>issues?label_name[]=<%- label.title %>"> + <span class="label has-tooltip color-label" title="<%- label.description %>" style="background-color: <%- label.color %>; color: <%- label.text_color %>;"> + <%- label.title %> </span> </a> <% }); %>' diff --git a/app/assets/javascripts/milestone_select.js.coffee b/app/assets/javascripts/milestone_select.js.coffee index 02480f3a025..8ab03ed93ee 100644 --- a/app/assets/javascripts/milestone_select.js.coffee +++ b/app/assets/javascripts/milestone_select.js.coffee @@ -24,14 +24,14 @@ class @MilestoneSelect if issueUpdateURL milestoneLinkTemplate = _.template( - '<a href="/<%= namespace %>/<%= path %>/milestones/<%= iid %>" class="bold has-tooltip" data-container="body" title="<%= remaining %>"><%= _.escape(title) %></a>' + '<a href="/<%- namespace %>/<%- path %>/milestones/<%- iid %>" class="bold has-tooltip" data-container="body" title="<%- remaining %>"><%- title %></a>' ) milestoneLinkNoneTemplate = '<span class="no-value">None</span>' collapsedSidebarLabelTemplate = _.template( - '<span class="has-tooltip" data-container="body" title="<%= remaining %>" data-placement="left"> - <%= _.escape(title) %> + '<span class="has-tooltip" data-container="body" title="<%- remaining %>" data-placement="left"> + <%- title %> </span>' ) diff --git a/app/assets/javascripts/users_select.js.coffee b/app/assets/javascripts/users_select.js.coffee index 2548efb2186..4e032ab1ff1 100644 --- a/app/assets/javascripts/users_select.js.coffee +++ b/app/assets/javascripts/users_select.js.coffee @@ -61,8 +61,8 @@ class @UsersSelect collapsedAssigneeTemplate = _.template( '<% if( avatar ) { %> - <a class="author_link" href="/u/<%= username %>"> - <img width="24" class="avatar avatar-inline s24" alt="" src="<%= avatar %>"> + <a class="author_link" href="/u/<%- username %>"> + <img width="24" class="avatar avatar-inline s24" alt="" src="<%- avatar %>"> <span class="author">Toni Boehm</span> </a> <% } else { %> @@ -72,13 +72,13 @@ class @UsersSelect assigneeTemplate = _.template( '<% if (username) { %> - <a class="author_link bold" href="/u/<%= username %>"> + <a class="author_link bold" href="/u/<%- username %>"> <% if( avatar ) { %> - <img width="32" class="avatar avatar-inline s32" alt="" src="<%= avatar %>"> + <img width="32" class="avatar avatar-inline s32" alt="" src="<%- avatar %>"> <% } %> - <span class="author"><%= name %></span> + <span class="author"><%- name %></span> <span class="username"> - @<%= username %> + @<%- username %> </span> </a> <% } else { %> |