author | James Lopez <james@gitlab.com> | 2018-12-27 13:42:31 +0000 |
---|---|---|
committer | James Lopez <james@gitlab.com> | 2018-12-27 13:42:31 +0000 |
commit | 19a278b9e360b5b7f3e654d8a5caedd07d67f231 (patch) | |
tree | 1855e38b89eae0d4bf8890ee9f18578071c18718 /app/helpers/blob_helper.rb | |
parent | 2299c01f7e36274f2a1b6b43c68f2d568d7f451e (diff) | |
parent | 7703a04b53ea1d9a3e141de68dac765fd4d1a46a (diff) | |
Merge branch 'security-11-4' into 'security-fix/security-group-user-removal-11-4'
# Conflicts:
# app/services/members/destroy_service.rb
Diffstat (limited to 'app/helpers/blob_helper.rb')
-rw-r--r-- | app/helpers/blob_helper.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index 883e5ddff57..98678aefa8a 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -150,7 +150,9 @@ module BlobHelper
 # example of Javascript) we tell the browser of the victim not to
 # execute untrusted data.
 def safe_content_type(blob)
- if blob.text?
+ if blob.extension == 'svg'
+ blob.mime_type
+ elsif blob.text?
 'text/plain; charset=utf-8'
 elsif blob.image?
 blob.content_type
@@ -159,6 +161,12 @@ module BlobHelper
 end
 end
 
+ def content_disposition(blob, inline)
+ return 'attachment' if blob.extension == 'svg'
+
+ inline ? 'inline' : 'attachment'
+ end
+
 def ref_project
 @ref_project ||= @target_project || @project
 end
|
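Review bot: The new first branch of `safe_content_type` returns `blob.mime_type` for SVG, a type the browser can treat as active content, so the method no longer holds its "do not execute untrusted data" promise on its own. It is safe only when the response also carries the `attachment` disposition that `content_disposition` forces for the same extension. The comment above the method does not mention this coupling; I would add `# SVG keeps its real MIME type; callers must also send content_disposition(blob, inline), which forces 'attachment' for SVG.` No caller is visible in this diff, so confirm that every path serving raw blobs uses both helpers together. The method's final `else` branch lies between the two hunks and is not shown.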
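Review bot: `content_disposition` repeats the literal `blob.extension == 'svg'` test from `safe_content_type`, so the two guards can drift apart if only one is edited later. A small private predicate such as `def svg_blob?(blob) = blob.extension == 'svg'` (or the multi-line form, to match the file's style), used by both methods, would keep them in step. The comparison is an exact string match, and whether `extension` is already lower-cased with the dot stripped is not visible here, so the guard's coverage depends on that and should be checked. The new method also has no comment; I would add `# SVG blobs are always served as attachments so the browser downloads rather than renders them; other blobs honour the inline flag.`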