Merge branch 'fix-mermaid-xss' into 'security-10-4'

[10.4] Fix stored XSS in code blocks
author: Douwe Maan <douwe@gitlab.com> 2018-01-31 21:48:18 +0000
committer: Robert Speicher <rspeicher@gmail.com> 2018-02-09 12:13:44 -0600
commit: 603fa7c14193d37e3953225501d2108f0c581df5 (patch)
tree: bbaa12a41c577dbcb7e4cd1772df7fd2f2156d8e /app/assets/javascripts
parent: 5e9e56924a56dcb84c3ae4ae6fc308f635f39f66 (diff)
download: gitlab-ce-603fa7c14193d37e3953225501d2108f0c581df5.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/app/assets/javascripts/render_mermaid.js b/app/assets/javascripts/render_mermaid.js
index 31c7a772cf4..d4f18955bd2 100644
--- a/app/assets/javascripts/render_mermaid.js
+++ b/app/assets/javascripts/render_mermaid.js
@@ -30,6 +30,9 @@ export default function renderMermaid($els) {
     $els.each((i, el) => {
       const source = el.textContent;
 
+      // Remove any extra spans added by the backend syntax highlighting.
+      Object.assign(el, { textContent: source });
+
       mermaid.init(undefined, el, (id) => {
         const svg = document.getElementById(id);
author	Douwe Maan <douwe@gitlab.com>	2018-01-31 21:48:18 +0000
committer	Robert Speicher <rspeicher@gmail.com>	2018-02-09 12:13:44 -0600
commit	603fa7c14193d37e3953225501d2108f0c581df5 (patch)
tree	bbaa12a41c577dbcb7e4cd1772df7fd2f2156d8e /app/assets/javascripts
parent	5e9e56924a56dcb84c3ae4ae6fc308f635f39f66 (diff)
download	gitlab-ce-603fa7c14193d37e3953225501d2108f0c581df5.tar.gz