diff options
author | Winnie Hellmann <winnie@gitlab.com> | 2017-12-11 12:07:57 +0000 |
---|---|---|
committer | Winnie Hellmann <winnie@gitlab.com> | 2017-12-11 12:07:57 +0000 |
commit | 1eff1bd385a28ccde7d0dc3a991c499ada1a63bd (patch) | |
tree | b57fbf22b38f0abe59219091842428b4a5358e9c /app/assets | |
parent | 689bc9ea6db102006b548e6176125157955c7f2b (diff) | |
parent | f71e48a0d09597e19aa629e4c7d42035ca08d852 (diff) | |
download | gitlab-ce-1eff1bd385a28ccde7d0dc3a991c499ada1a63bd.tar.gz |
Merge branch 'mk-pick-10-2-4-security-fixes' into 'master'
Pick 10.2.4 security fixes into master
See merge request gitlab-org/gitlab-ce!15821
Diffstat (limited to 'app/assets')
-rw-r--r-- | app/assets/javascripts/notes/components/issue_note.vue | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/assets/javascripts/notes/components/issue_note.vue b/app/assets/javascripts/notes/components/issue_note.vue index 8c81c5d6df3..3ceb961f58e 100644 --- a/app/assets/javascripts/notes/components/issue_note.vue +++ b/app/assets/javascripts/notes/components/issue_note.vue @@ -1,5 +1,6 @@ <script> import { mapGetters, mapActions } from 'vuex'; + import { escape } from 'underscore'; import Flash from '../../flash'; import userAvatarLink from '../../vue_shared/components/user_avatar/user_avatar_link.vue'; import noteHeader from './note_header.vue'; @@ -85,7 +86,7 @@ }; this.isRequesting = true; this.oldContent = this.note.note_html; - this.note.note_html = noteText; + this.note.note_html = escape(noteText); this.updateNote(data) .then(() => { |