Add latest changes from gitlab-org/security/gitlab@14-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-27 12:41:41 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-27 12:41:41 +0000
commit: c1c828ac7f7b3c2e51d81921bbef9d474cd4d0a4 (patch)
tree: 32fabcdfa49cd8eab122cf5efecb47db6d5e59bf /app/assets/javascripts
parent: 547a5884d1ab6a22d9fc9ce79e5cf6f0310bc23d (diff)
download: gitlab-ce-c1c828ac7f7b3c2e51d81921bbef9d474cd4d0a4.tar.gz
2 files changed, 26 insertions, 1 deletions
diff --git a/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue b/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
index 261f7af7ef1..c53d367ed71 100644
--- a/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
+++ b/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
@@ -37,6 +37,10 @@ export default {
     securityAndComplianceLabel: s__('ProjectSettings|Security & Compliance'),
     snippetsLabel: s__('ProjectSettings|Snippets'),
     wikiLabel: s__('ProjectSettings|Wiki'),
+    pucWarningLabel: s__('ProjectSettings|Warn about Potentially Unwanted Characters'),
+    pucWarningHelpText: s__(
+      'ProjectSettings|Highlight the usage of hidden unicode characters. These have innocent uses for right-to-left languages, but can also be used in potential exploits.',
+    ),
   },
 
   components: {
@@ -178,6 +182,7 @@ export default {
       securityAndComplianceAccessLevel: featureAccessLevel.PROJECT_MEMBERS,
       operationsAccessLevel: featureAccessLevel.EVERYONE,
       containerRegistryAccessLevel: featureAccessLevel.EVERYONE,
+      warnAboutPotentiallyUnwantedCharacters: true,
       lfsEnabled: true,
       requestAccessEnabled: true,
       highlightChangesClass: false,
@@ -752,5 +757,19 @@ export default {
         }}</template>
       </gl-form-checkbox>
     </project-setting-row>
+    <project-setting-row class="gl-mb-5">
+      <input
+        :value="warnAboutPotentiallyUnwantedCharacters"
+        type="hidden"
+        name="project[project_setting_attributes][warn_about_potentially_unwanted_characters]"
+      />
+      <gl-form-checkbox
+        v-model="warnAboutPotentiallyUnwantedCharacters"
+        name="project[project_setting_attributes][warn_about_potentially_unwanted_characters]"
+      >
+        {{ $options.i18n.pucWarningLabel }}
+        <template #help>{{ $options.i18n.pucWarningHelpText }}</template>
+      </gl-form-checkbox>
+    </project-setting-row>
   </div>
 </template>
diff --git a/app/assets/javascripts/snippets/components/show.vue b/app/assets/javascripts/snippets/components/show.vue
index 46629a569ec..35d88d5ec8e 100644
--- a/app/assets/javascripts/snippets/components/show.vue
+++ b/app/assets/javascripts/snippets/components/show.vue
@@ -66,7 +66,13 @@ export default {
           data-qa-selector="clone_button"
         />
       </div>
-      <snippet-blob v-for="blob in blobs" :key="blob.path" :snippet="snippet" :blob="blob" />
+      <snippet-blob
+        v-for="blob in blobs"
+        :key="blob.path"
+        :snippet="snippet"
+        :blob="blob"
+        class="project-highlight-puc"
+      />
     </template>
   </div>
 </template>
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-27 12:41:41 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-27 12:41:41 +0000
commit	c1c828ac7f7b3c2e51d81921bbef9d474cd4d0a4 (patch)
tree	32fabcdfa49cd8eab122cf5efecb47db6d5e59bf /app/assets/javascripts
parent	547a5884d1ab6a22d9fc9ce79e5cf6f0310bc23d (diff)
download	gitlab-ce-c1c828ac7f7b3c2e51d81921bbef9d474cd4d0a4.tar.gz