author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:44:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:44:27 +0000 |
commit | aa5a29806f359945ec3483906a4e40ec71362a61 (patch) | |
tree | 316da62ab44dcd8fbb4515d7b967605234613384 /app/assets | |
parent | 16fa5cf183d9f59a66c1e258ce36cd3f09c8d3fd (diff) | |
download | gitlab-ce-aa5a29806f359945ec3483906a4e40ec71362a61.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
Diffstat (limited to 'app/assets')
-rw-r--r-- | app/assets/javascripts/behaviors/markdown/copy_as_gfm.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js b/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js
index 9a8af79210e..19ebab36481 100644
--- a/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js
+++ b/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js
@@ -1,4 +1,5 @@
 import $ from 'jquery';
+import { sanitize } from '~/lib/dompurify';
 import { getSelectedFragment, insertText } from '~/lib/utils/common_utils';
 
 export class CopyAsGFM {
@@ -69,7 +70,7 @@ export class CopyAsGFM {
 } else {
 // Due to the async copy call we are not able to produce gfm so we transform the cached HTML
 const div = document.createElement('div');
- div.innerHTML = gfmHtml;
+ div.innerHTML = sanitize(gfmHtml);
 CopyAsGFM.nodeToGFM(div)
 .then((transformedGfm) => {
 CopyAsGFM.insertPastedText(e.target, text, transformedGfm);
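Review bot: The new `div.innerHTML = sanitize(gfmHtml)` line still parses markup the code did not author into an element created from the live document, so whether anything in it can run (an `<img onerror>` fires even on a detached node) now rests entirely on the configuration of the `~/lib/dompurify` wrapper, which is not visible in this hunk. As a second layer that does not depend on sanitizer settings, consider parsing into an inert document instead, `const doc = new DOMParser().parseFromString(sanitize(gfmHtml), 'text/html');` and handing `doc.body` to `nodeToGFM` — assuming `nodeToGFM` only walks the node tree rather than needing a same-document element, which cannot be confirmed from here. A why-comment would also help the next reader, e.g. `// gfmHtml is HTML cached from an earlier copy event, not markup we built; sanitize before parsing it`. The enclosing method starts before and ends after this hunk.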