diff options
author | Fatih Acet <acetfatih@gmail.com> | 2016-08-31 20:15:47 +0000 |
---|---|---|
committer | Fatih Acet <acetfatih@gmail.com> | 2016-08-31 20:15:47 +0000 |
commit | b5a1c9ffa017ca800d156f5fbe0387eb80199ddd (patch) | |
tree | b99601cbcf56427070a84cd9a44fffc9f214660f /app/assets/javascripts | |
parent | 46b5fc2cf2e0a505b2678e224825d134f7a29e78 (diff) | |
parent | 97d6f5b6ded829d1f7e792c59ae5eb4b2aae7c70 (diff) | |
download | gitlab-ce-b5a1c9ffa017ca800d156f5fbe0387eb80199ddd.tar.gz |
Merge branch 'label-dropdown-encode' into 'master'
Fixed escaping issue with labels filter
## What does this MR do?
Encodes label names to stop any JS errors.
## What are the relevant issue numbers?
Closes #15552
See merge request !6123
Diffstat (limited to 'app/assets/javascripts')
-rw-r--r-- | app/assets/javascripts/gl_dropdown.js | 2 | ||||
-rw-r--r-- | app/assets/javascripts/labels_select.js | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js index 5a2a8523d9f..77b2082cba0 100644 --- a/app/assets/javascripts/gl_dropdown.js +++ b/app/assets/javascripts/gl_dropdown.js @@ -556,7 +556,7 @@ if (isInput) { field = $(this.el); } else { - field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + value + "']"); + field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + escape(value) + "']"); } if (el.hasClass(ACTIVE_CLASS)) { el.removeClass(ACTIVE_CLASS); diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js index 565dbeacdb3..bab23ff5ac0 100644 --- a/app/assets/javascripts/labels_select.js +++ b/app/assets/javascripts/labels_select.js @@ -164,7 +164,7 @@ instance.addInput(this.fieldName, label.id); } } - if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + (this.id(label)) + "']").length) { + if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + escape(this.id(label)) + "']").length) { selectedClass.push('is-active'); } if ($dropdown.hasClass('js-multiselect') && removesAll) { |