diff options
| author | Kushal Pandya <kushalspandya@gmail.com> | 2017-05-15 15:07:43 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-05-15 15:07:43 +0000 |
| commit | 55294ce60aeb416da285c273ef2d25572679a6c1 (patch) | |
| tree | 1899f64f4dfaea24132c12bc0114184bcba05d01 /app/assets | |
| parent | 61ececb5d6b03984fb621cbeabb5f9f7bf9fa66a (diff) | |
| download | gitlab-ce-55294ce60aeb416da285c273ef2d25572679a6c1.tar.gz | |
Improve slash command stripping, escape temporary note contents
Diffstat (limited to 'app/assets')
| -rw-r--r-- | app/assets/javascripts/notes.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/app/assets/javascripts/notes.js b/app/assets/javascripts/notes.js index bce5379cbb9..f143bfbfc29 100644 --- a/app/assets/javascripts/notes.js +++ b/app/assets/javascripts/notes.js @@ -24,7 +24,7 @@ const normalizeNewlines = function(str) { (function() { this.Notes = (function() { const MAX_VISIBLE_COMMIT_LIST_COUNT = 3; - const REGEX_SLASH_COMMANDS = /^\/\w+/gm; + const REGEX_SLASH_COMMANDS = /^\/\w+.*$/gm; Notes.interval = null; @@ -1170,6 +1170,7 @@ const normalizeNewlines = function(str) { */ Notes.prototype.createPlaceholderNote = function({ formContent, uniqueId, isDiscussionNote, currentUsername, currentUserFullname }) { const discussionClass = isDiscussionNote ? 'discussion' : ''; + const escapedFormContent = _.escape(formContent); const $tempNote = $( `<li id="${uniqueId}" class="note being-posted fade-in-half timeline-entry"> <div class="timeline-entry-inner"> @@ -1187,7 +1188,7 @@ const normalizeNewlines = function(str) { </div> <div class="note-body"> <div class="note-text"> - <p>${formContent}</p> + <p>${escapedFormContent}</p> </div> </div> </div> |