diff options
author | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-01-17 20:26:59 +0000 |
---|---|---|
committer | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-01-17 20:26:59 +0000 |
commit | f351cc28c2c878bf491bb0886be65bf35b58b261 (patch) | |
tree | 987d0a33d93dce35b4b25c401ae2c772760299d6 /app/assets/javascripts/labels_select.js | |
parent | 3b13159d9c83e8ce679663ce264854ea94bee8a2 (diff) | |
parent | d1eb3ff594b42d6e9625724119f52d3356045870 (diff) | |
download | gitlab-ce-f351cc28c2c878bf491bb0886be65bf35b58b261.tar.gz |
Merge branch 'sh-backport-10-3-4-security-fixes' into 'master'
Backport 10.3.4 security fixes into master
See merge request gitlab-org/gitlab-ce!16509
Diffstat (limited to 'app/assets/javascripts/labels_select.js')
-rw-r--r-- | app/assets/javascripts/labels_select.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js index f7a1c9f1e40..664e793fc8e 100644 --- a/app/assets/javascripts/labels_select.js +++ b/app/assets/javascripts/labels_select.js @@ -231,7 +231,7 @@ export default class LabelsSelect { selectedClass.push('label-item'); $a.attr('data-label-id', label.id); } - $a.addClass(selectedClass.join(' ')).html(colorEl + " " + label.title); + $a.addClass(selectedClass.join(' ')).html(`${colorEl} ${_.escape(label.title)}`); // Return generated html return $li.html($a).prop('outerHTML'); }, |