author | Phil Hughes <me@iamphill.com> | 2018-07-10 09:44:42 +0100 |
---|---|---|
committer | Phil Hughes <me@iamphill.com> | 2018-07-10 09:44:42 +0100 |
commit | 0a59ccac61d16dde068d3a78a04060265dd34e28 (patch) | |
tree | 2749ae8c0073b96da1f432924e3b3ef61c47a9ad /app/assets/javascripts/ide | |
parent | 1fb0fc3ad3e79f980774e592d1000739003cf8c7 (diff) | |
download | gitlab-ce-0a59ccac61d16dde068d3a78a04060265dd34e28.tar.gz |
Fixed XSS in branch name in Web IDE
#2691
Diffstat (limited to 'app/assets/javascripts/ide')
-rw-r--r-- | app/assets/javascripts/ide/components/commit_sidebar/actions.vue | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
index eb7cb9745ec..a8b5c7a16d0 100644
--- a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
+++ b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
@@ -1,4 +1,5 @@
 <script>
+import _ from 'underscore';
 import { mapActions, mapState, mapGetters } from 'vuex';
 import { sprintf, __ } from '~/locale';
 import * as consts from '../../stores/modules/commit/constants';
@@ -14,7 +15,7 @@ export default {
 commitToCurrentBranchText() {
 return sprintf(
 __('Commit to %{branchName} branch'),
- { branchName: `<strong class="monospace">${this.currentBranchId}</strong>` },
+ { branchName: `<strong class="monospace">${_.escape(this.currentBranchId)}</strong>` },
 false,
 );
 },
|
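Review bot: The `false` passed as the third argument to `sprintf` in `commitToCurrentBranchText` appears to switch off the helper's own parameter escaping so that the `<strong>` tag survives, which leaves `_.escape(this.currentBranchId)` as the only thing keeping a branch name from being rendered as HTML. Nothing in the code records that dependency, so a later refactor could drop the call without anyone noticing. I would add a comment above the parameters object, for example `// sprintf escaping is disabled (third arg) to keep the <strong> tag, so the branch name must be escaped here`. A spec that renders this text with a branch name containing markup and asserts it comes out as plain text would pin the fix; the page only shows the diff limited to `app/assets/javascripts/ide`, so such a spec may already exist elsewhere in the commit.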