author | Jacob Schatz <jschatz@gitlab.com> | 2016-04-21 16:22:15 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-25 16:01:24 -0400 |
commit | e580bd8cd6ca85bf017062cc85f629303751c26b (patch) | |
tree | 6f15a0d785a7eb68e1b85ee2bd4c90e931be6def | |
parent | f02c5cc753c9e74767cd73ae29e591c5ad1effa2 (diff) | |
download | gitlab-ce-e580bd8cd6ca85bf017062cc85f629303751c26b.tar.gz |
Merge branch 'issue_15434' into 'master'
Fixes XSS injection
REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434
**Without the fix**
![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif)
**With the fix**
![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif)
See merge request !1952
-rw-r--r-- | app/assets/javascripts/commits.js.coffee | 2 |
-rw-r--r-- | app/views/projects/commits/show.html.haml | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/commits.js.coffee b/app/assets/javascripts/commits.js.coffee index ffd3627b1b0..0acb4c1955e 100644 --- a/app/assets/javascripts/commits.js.coffee +++ b/app/assets/javascripts/commits.js.coffee @@ -1,7 +1,7 @@ class @CommitsList @timer = null - @init: (ref, limit) -> + @init: (limit) -> $("body").on "click", ".day-commits-table li.commit", (event) -> if event.target.nodeName != "A" location.href = $(this).attr("url") diff --git a/app/views/projects/commits/show.html.haml b/app/views/projects/commits/show.html.haml index ede64d47ab3..f21beaf9341 100644 --- a/app/views/projects/commits/show.html.haml +++ b/app/views/projects/commits/show.html.haml @@ -36,4 +36,4 @@ = spinner :javascript - CommitsList.init("#{@ref}", #{@limit}); + CommitsList.init(#{@limit}); |
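Review bot: In the commits.js.coffee hunk, changing the signature from `@init: (ref, limit) ->` to `@init: (limit) ->` shifts the positional arguments, so any caller still passing `(ref, limit)` would silently bind the ref string to `limit`. Only the call in show.html.haml is updated in this patch. Please confirm there are no other `CommitsList.init` call sites, and that nothing further down in `init` (outside the visible context) still reads `ref`.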
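Review bot: In the show.html.haml hunk, the new call `CommitsList.init(#{@limit});` still interpolates a server-side value unescaped into an inline `:javascript` block, the same pattern that made the removed `"#{@ref}"` injectable. The visible lines do not show where `@limit` is assigned. If it can be derived from a request parameter, coerce it at the point of output (for example `#{@limit.to_i}`) or pass it through a data attribute read by the script rather than by string interpolation. A regression spec that renders this view with a ref name containing quote and script characters would also keep the interpolation from being reintroduced.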