summaryrefslogtreecommitdiff
path: root/app/assets/javascripts/issue_show
diff options
context:
space:
mode:
authorBob Van Landuyt <bob@gitlab.com>2018-10-01 16:47:39 +0000
committerBob Van Landuyt <bob@gitlab.com>2018-10-01 16:47:39 +0000
commitbfd3062cd3479beedb327e8fed04767f52c5c135 (patch)
tree1e132d8661b319d11b31163ef3d9c8d2ab896606 /app/assets/javascripts/issue_show
parent1735088e7c5bf62a8f896a2b0e384964de83d118 (diff)
parent6d360c210d3d822fc266eecc04753481ae4bda70 (diff)
downloadgitlab-ce-bfd3062cd3479beedb327e8fed04767f52c5c135.tar.gz
Merge branch 'security-acet-issue-details' into 'master'
[master] Fix XSS on Issue details page. See merge request gitlab/gitlabhq!2468
Diffstat (limited to 'app/assets/javascripts/issue_show')
-rw-r--r--app/assets/javascripts/issue_show/index.js7
1 files changed, 4 insertions, 3 deletions
diff --git a/app/assets/javascripts/issue_show/index.js b/app/assets/javascripts/issue_show/index.js
index 75dfdedcf1b..d08e8ba0c4b 100644
--- a/app/assets/javascripts/issue_show/index.js
+++ b/app/assets/javascripts/issue_show/index.js
@@ -1,10 +1,11 @@
import Vue from 'vue';
+import sanitize from 'sanitize-html';
import issuableApp from './components/app.vue';
import '../vue_shared/vue_resource_interceptor';
-document.addEventListener('DOMContentLoaded', () => {
+export default function initIssueableApp() {
const initialDataEl = document.getElementById('js-issuable-app-initial-data');
- const props = JSON.parse(initialDataEl.innerHTML.replace(/&quot;/g, '"'));
+ const props = JSON.parse(sanitize(initialDataEl.textContent).replace(/&quot;/g, '"'));
return new Vue({
el: document.getElementById('js-issuable-app'),
@@ -17,4 +18,4 @@ document.addEventListener('DOMContentLoaded', () => {
});
},
});
-});
+}
View Lorry Controller Status