Add latest changes from gitlab-org/security/gitlab@15-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-28 21:59:41 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-28 21:59:41 +0000
commit: cc201d1e1be2c8f4de2e2265c2b83bd925f8a260 (patch)
tree: 7347a079cde32c08900547d96a7c5ddbc2a50259 /app/assets
parent: 70d9f335be46efecb1328cd2b7da3f3e17516d7d (diff)
download: gitlab-ce-cc201d1e1be2c8f4de2e2265c2b83bd925f8a260.tar.gz
5 files changed, 40 insertions, 29 deletions
diff --git a/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue b/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue
index 52c9f047b76..a10e5efa0e7 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue
@@ -1,5 +1,6 @@
 <script>
 import { GlBadge, GlLink, GlSafeHtmlDirective, GlModalDirective } from '@gitlab/ui';
+import { isArray } from 'lodash';
 import Actions from '../action_buttons.vue';
 import StatusIcon from './status_icon.vue';
 import { generateText } from './utils';
@@ -35,6 +36,20 @@ export default {
       required: true,
     },
   },
+  computed: {
+    subtext() {
+      const { subtext } = this.data;
+      if (subtext) {
+        if (isArray(subtext)) {
+          return subtext.map((t) => generateText(t)).join('<br />');
+        }
+
+        return generateText(subtext);
+      }
+
+      return null;
+    },
+  },
   methods: {
     isArray(arr) {
       return Array.isArray(arr);
@@ -93,11 +108,7 @@ export default {
             @clickedAction="onClickedAction"
           />
         </div>
-        <p
-          v-if="data.subtext"
-          v-safe-html="generateText(data.subtext)"
-          class="gl-m-0 gl-font-sm"
-        ></p>
+        <p v-if="subtext" v-safe-html="subtext" class="gl-m-0 gl-font-sm"></p>
       </div>
     </div>
     <template v-if="data.children && level === 2">
diff --git a/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js b/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js
index cba12507eba..757178ee336 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js
@@ -35,6 +35,9 @@ const textStyleTags = {
   [getStartTag('small')]: '<span class="gl-font-sm gl-text-gray-700">',
 };
 
+const escapeText = (text) =>
+  document.createElement('div').appendChild(document.createTextNode(text)).parentNode.innerHTML;
+
 const createText = (text) => {
   return text
     .replace(
@@ -61,7 +64,7 @@ const createText = (text) => {
 
 export const generateText = (text) => {
   if (typeof text === 'string') {
-    return createText(text);
+    return createText(escapeText(text));
   } else if (
     typeof text === 'object' &&
     typeof text.text === 'string' &&
@@ -69,8 +72,8 @@ export const generateText = (text) => {
   ) {
     return createText(
       `${
-        text.prependText ? `${text.prependText} ` : ''
-      }<a class="gl-text-decoration-underline" href="${text.href}">${text.text}</a>`,
+        text.prependText ? `${escapeText(text.prependText)} ` : ''
+      }<a class="gl-text-decoration-underline" href="${text.href}">${escapeText(text.text)}</a>`,
     );
   }
 
diff --git a/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js b/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js
index 2477429af5b..68347ac269e 100644
--- a/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js
+++ b/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js
@@ -19,25 +19,23 @@ export default {
       if (errorSummary.errored >= 1 && errorSummary.resolved >= 1) {
         const improvements = sprintf(
           n__(
-            '%{strongOpen}%{errors}%{strongClose} point',
-            '%{strongOpen}%{errors}%{strongClose} points',
+            '%{strong_start}%{errors}%{strong_end} point',
+            '%{strong_start}%{errors}%{strong_end} points',
             resolvedErrors.length,
           ),
           {
             errors: resolvedErrors.length,
-            strongOpen: '<strong>',
-            strongClose: '</strong>',
           },
           false,
         );
 
         const degradations = sprintf(
           n__(
-            '%{strongOpen}%{errors}%{strongClose} point',
-            '%{strongOpen}%{errors}%{strongClose} points',
+            '%{strong_start}%{errors}%{strong_end} point',
+            '%{strong_start}%{errors}%{strong_end} points',
             newErrors.length,
           ),
-          { errors: newErrors.length, strongOpen: '<strong>', strongClose: '</strong>' },
+          { errors: newErrors.length },
           false,
         );
         return sprintf(
@@ -96,14 +94,11 @@ export default {
       this.collapsedData.resolvedErrors.map((e) => {
         return fullData.push({
           text: `${capitalizeFirstCharacter(e.severity)} - ${e.description}`,
-          subtext: sprintf(
-            s__(`ciReport|in %{open_link}${e.file_path}:${e.line}%{close_link}`),
-            {
-              open_link: `<a class="gl-text-decoration-underline" href="${e.urlPath}">`,
-              close_link: '</a>',
-            },
-            false,
-          ),
+          subtext: {
+            prependText: s__(`ciReport|in`),
+            text: `${e.file_path}:${e.line}`,
+            href: e.urlPath,
+          },
           icon: {
             name: SEVERITY_ICONS_EXTENSION[e.severity],
           },
diff --git a/app/assets/javascripts/vue_merge_request_widget/extensions/terraform/index.js b/app/assets/javascripts/vue_merge_request_widget/extensions/terraform/index.js
index 6611aedcb07..626a99f7d64 100644
--- a/app/assets/javascripts/vue_merge_request_widget/extensions/terraform/index.js
+++ b/app/assets/javascripts/vue_merge_request_widget/extensions/terraform/index.js
@@ -63,13 +63,16 @@ export default {
       if (valid.length) {
         title = validText;
         if (invalid.length) {
-          subtitle = sprintf(`<br>%{small_start}${invalidText}%{small_end}`);
+          subtitle = invalidText;
         }
       } else {
         title = invalidText;
       }
 
-      return `${title}${subtitle}`;
+      return {
+        subject: title,
+        meta: subtitle,
+      };
     },
     fetchCollapsedData() {
       return axios
@@ -152,9 +155,8 @@ export default {
       }
 
       return {
-        text: `${title}
-        <br>
-        ${subtitle}`,
+        text: title,
+        supportingText: subtitle,
         icon: { name: iconName },
         actions,
       };
diff --git a/app/assets/javascripts/vue_merge_request_widget/extensions/test_report/utils.js b/app/assets/javascripts/vue_merge_request_widget/extensions/test_report/utils.js
index 6896f8831e8..37f9964d23a 100644
--- a/app/assets/javascripts/vue_merge_request_widget/extensions/test_report/utils.js
+++ b/app/assets/javascripts/vue_merge_request_widget/extensions/test_report/utils.js
@@ -60,7 +60,7 @@ export const reportSubTextBuilder = ({ suite_errors: suiteErrors, summary }) =>
     if (suiteErrors?.base) {
       errors.push(`${i18n.baseReportParsingError} ${suiteErrors.base}`);
     }
-    return errors.join('<br />');
+    return errors;
   }
   return recentFailuresTextBuilder(summary);
 };
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-09-28 21:59:41 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-09-28 21:59:41 +0000
commit	cc201d1e1be2c8f4de2e2265c2b83bd925f8a260 (patch)
tree	7347a079cde32c08900547d96a7c5ddbc2a50259 /app/assets
parent	70d9f335be46efecb1328cd2b7da3f3e17516d7d (diff)
download	gitlab-ce-cc201d1e1be2c8f4de2e2265c2b83bd925f8a260.tar.gz