author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-25 10:38:58 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-25 10:38:58 +0000 |
commit | c2c657982ec80ae4efd493e80082c43480da3fef (patch) | |
tree | c81fff30b9dfe66a362fd174d31c0cf3bbb7967f | |
parent | a101152320d86b74d620be2261b165ae086f1ed6 (diff) | |
parent | 25fc75f33a4cafb2cfce1f58be2f82d1422cba07 (diff) | |
download | gitlab-ce-c2c657982ec80ae4efd493e80082c43480da3fef.tar.gz |
Merge branch 'security-id-email-xss-11-10' into '11-10-stable'
Escape path in new merge request mail
See merge request gitlab/gitlabhq!3068
-rw-r--r-- | app/views/notify/new_merge_request_email.html.haml | 2 | ||||
-rw-r--r-- | changelogs/unreleased/security-id-email-xss.yml | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/app/views/notify/new_merge_request_email.html.haml b/app/views/notify/new_merge_request_email.html.haml index db23447dd39..78de5548dad 100644 --- a/app/views/notify/new_merge_request_email.html.haml +++ b/app/views/notify/new_merge_request_email.html.haml @@ -3,7 +3,7 @@ #{link_to @merge_request.author_name, user_url(@merge_request.author)} created a merge request: %p.details - != merge_path_description(@merge_request, '→') + = merge_path_description(@merge_request, '→') - if @merge_request.assignee_id.present? %p diff --git a/changelogs/unreleased/security-id-email-xss.yml b/changelogs/unreleased/security-id-email-xss.yml new file mode 100644 index 00000000000..36c00a70c6a --- /dev/null +++ b/changelogs/unreleased/security-id-email-xss.yml @@ -0,0 +1,5 @@ +--- +title: Escape path in new merge request mail +merge_request: +author: +type: security |
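Review bot: No spec accompanies the change at `%p.details` in new_merge_request_email.html.haml; the diffstat lists only the view and the changelog entry. Switching `!=` to `=` escapes the output only if `merge_path_description` returns a plain string and not one already marked `html_safe`, so please confirm that in the helper and add a mailer spec that renders this email for a merge request whose branch name contains markup characters and asserts they arrive HTML-escaped. It is also worth checking the other notify templates for the same `!=` pattern around this helper.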
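Review bot: In changelogs/unreleased/security-id-email-xss.yml the `merge_request:` and `author:` keys are left empty, although the commit message names merge request gitlab/gitlabhq!3068. If the blank reference is deliberate for a security release, a short note in the merge request saying so would help; otherwise fill it in. The title "Escape path in new merge request mail" could also say which path is meant, so that readers of the release notes can tell what was unescaped.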