diff options
author | Nick Thomas <nick@gitlab.com> | 2016-10-17 11:07:44 +0100 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2016-10-18 13:49:52 +0100 |
commit | 4012c695cb17f77f3fc928e9eef5c2fd679defc1 (patch) | |
tree | 9f65963f96c77d1f90b45ff32725e3c4e8d811f9 /app/helpers/events_helper.rb | |
parent | b56f093c2ba4739b9d6cec595b8af3ee61a0d12b (diff) | |
download | gitlab-ce-4012c695cb17f77f3fc928e9eef5c2fd679defc1.tar.gz |
Stop event_commit_title from escaping its output
Return a non-html-safe, unescaped String instead of ActiveSupport::SafeBuffer
to preserve safety when the output is misused. Currently there's oly one user,
which does the right thing.
Closes #23311
Diffstat (limited to 'app/helpers/events_helper.rb')
-rw-r--r-- | app/helpers/events_helper.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/helpers/events_helper.rb b/app/helpers/events_helper.rb index bfedcb1c42b..f8ded05c31a 100644 --- a/app/helpers/events_helper.rb +++ b/app/helpers/events_helper.rb @@ -154,7 +154,7 @@ module EventsHelper end def event_commit_title(message) - escape_once(truncate(message.split("\n").first, length: 70)) + (message.split("\n").first || "").truncate(70) rescue "--broken encoding" end |