author | Igor Drozdov <idrozdov@gitlab.com> | 2019-04-16 16:29:37 +0300 |
---|---|---|
committer | Igor Drozdov <idrozdov@gitlab.com> | 2019-04-17 17:54:42 +0300 |
commit | 25fc75f33a4cafb2cfce1f58be2f82d1422cba07 (patch) | |
tree | a1c944c34a1a47590f02c48e46c1f099857764a2 | |
parent | 5c46af40687ae7529c33211464724f909051eb05 (diff) | |
download | gitlab-ce-25fc75f33a4cafb2cfce1f58be2f82d1422cba07.tar.gz |
Escape path in new merge request mail
-rw-r--r-- | app/views/notify/new_merge_request_email.html.haml | 2 | ||||
-rw-r--r-- | changelogs/unreleased/security-id-email-xss.yml | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/app/views/notify/new_merge_request_email.html.haml b/app/views/notify/new_merge_request_email.html.haml index db23447dd39..78de5548dad 100644 --- a/app/views/notify/new_merge_request_email.html.haml +++ b/app/views/notify/new_merge_request_email.html.haml @@ -3,7 +3,7 @@ #{link_to @merge_request.author_name, user_url(@merge_request.author)} created a merge request: %p.details - != merge_path_description(@merge_request, '→') + = merge_path_description(@merge_request, '→') - if @merge_request.assignee_id.present? %p diff --git a/changelogs/unreleased/security-id-email-xss.yml b/changelogs/unreleased/security-id-email-xss.yml new file mode 100644 index 00000000000..36c00a70c6a --- /dev/null +++ b/changelogs/unreleased/security-id-email-xss.yml @@ -0,0 +1,5 @@ +--- +title: Escape path in new merge request mail +merge_request: +author: +type: security |
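Review bot: In app/views/notify/new_merge_request_email.html.haml, the switch from `!=` to `=` on the `merge_path_description(@merge_request, '→')` line only escapes the output if the helper returns a plain string. The helper is not part of this diff, so please confirm it does not mark its result `html_safe`, otherwise the `=` passes the value through unescaped just as `!=` did. The diffstat also lists no spec file. A mailer spec that renders this template for a merge request whose path contains markup characters, and asserts that they appear entity-encoded in the HTML body, would keep the line from being switched back to `!=` unnoticed.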
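Review bot: In changelogs/unreleased/security-id-email-xss.yml, `merge_request:` and `author:` are both left empty, and the title `Escape path in new merge request mail` does not say which value was unescaped or why it matters. If the merge request reference is being withheld until the security release, note that in the review thread. Otherwise fill it in, and consider a title that tells someone reading the release notes that this fixes unescaped output in the HTML notification email.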