author | Phil Hughes <me@iamphill.com> | 2016-08-31 11:41:16 +0100 |
---|---|---|
committer | Phil Hughes <me@iamphill.com> | 2016-08-31 11:41:16 +0100 |
commit | 97d6f5b6ded829d1f7e792c59ae5eb4b2aae7c70 (patch) | |
tree | 8260c298f4fd7a1dbe8350dac3d4d5fd8903104e /app/assets/javascripts | |
parent | 4d042afeced540c0acd887714d8ec7c962b7c507 (diff) | |
download | gitlab-ce-97d6f5b6ded829d1f7e792c59ae5eb4b2aae7c70.tar.gz |
Fixed escaping issue with labels filter label-dropdown-encode
Closes #15552
Diffstat (limited to 'app/assets/javascripts')
-rw-r--r-- | app/assets/javascripts/gl_dropdown.js | 2 | ||||
-rw-r--r-- | app/assets/javascripts/labels_select.js | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js
index 5a2a8523d9f..77b2082cba0 100644
--- a/app/assets/javascripts/gl_dropdown.js
+++ b/app/assets/javascripts/gl_dropdown.js
@@ -556,7 +556,7 @@
 if (isInput) {
 field = $(this.el);
 } else {
- field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + value + "']");
+ field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + escape(value) + "']");
 }
 if (el.hasClass(ACTIVE_CLASS)) {
 el.removeClass(ACTIVE_CLASS);
diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js
index 565dbeacdb3..bab23ff5ac0 100644
--- a/app/assets/javascripts/labels_select.js
+++ b/app/assets/javascripts/labels_select.js
@@ -164,7 +164,7 @@
 instance.addInput(this.fieldName, label.id);
 }
 }
- if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + (this.id(label)) + "']").length) {
+ if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + escape(this.id(label)) + "']").length) {
 selectedClass.push('is-active');
 }
 if ($dropdown.hasClass('js-multiselect') && removesAll) { |
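Review bot: `escape()` in the `gl_dropdown.js` hunk is the deprecated percent-encoding global rather than a selector escaper, so `[value='" + escape(value) + "']` only matches an input whose `value` attribute already holds the same percent-encoded text. Whether the hidden inputs are written in that form is not visible here, and if they hold the raw label title, any title with a space, quote or non-ASCII character would stop matching. The same applies to `escape(this.id(label))` in the `labels_select.js` hunk. Comparing the value instead of interpolating it into the selector removes both the quoting problem and the encoding mismatch, for example `field = this.dropdown.parent().find("input[name='" + fieldName + "']").filter(function() { return this.value === String(value); });`. Both enclosing functions start and end outside the hunks, so the input-creation side should be checked before merging.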