author | Jen-Shin Lin <jen-shin@gitlab.com> | 2017-10-17 10:12:24 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2017-10-17 15:58:58 -0700 |
commit | bd46c8abfd5ee964c47eff0ace021e45cbbe6687 (patch) | |
tree | e22dc885b8d70829cf3893cc65c49f6351bc2d34 /app/assets/javascripts/filtered_search | |
parent | 9978ef9884023df12b3fbc5758cf93d166100c80 (diff) | |
download | gitlab-ce-bd46c8abfd5ee964c47eff0ace021e45cbbe6687.tar.gz |
Merge branch 'security-10-1' into '10-1-stable'
Security fixes for 10.1 RC
See merge request gitlab/gitlabhq!2209
Diffstat (limited to 'app/assets/javascripts/filtered_search')
-rw-r--r-- | app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js b/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
index dd24fc44d2a..d2f92929b8a 100644
--- a/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
+++ b/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
@@ -123,8 +123,8 @@ class FilteredSearchVisualTokens {
 /* eslint-disable no-param-reassign */
 tokenValueContainer.dataset.originalValue = tokenValue;
 tokenValueElement.innerHTML = `
- <img class="avatar s20" src="${user.avatar_url}" alt="${user.name}'s avatar">
- ${user.name}
+ <img class="avatar s20" src="${user.avatar_url}" alt="">
+ ${_.escape(user.name)}
 `;
 /* eslint-enable no-param-reassign */
 }) |
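Review bot: `user.avatar_url` is still interpolated unescaped into the `src` attribute of the template assigned to `tokenValueElement.innerHTML`, while only `user.name` is passed through `_.escape`. If that URL can ever contain a double quote or come from a source the user influences (not visible in this hunk), it can close the attribute and introduce markup just as the name could; `src="${_.escape(user.avatar_url)}"` would close that gap. A more durable form is to build the `img` and the text node with DOM APIs (`img.src = …`, `textContent`) so that no field depends on someone remembering to escape it. The enclosing callback starts and ends outside the hunk, so the origin of `user` should be confirmed there.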