summaryrefslogtreecommitdiff
path: root/app/helpers/labels_helper.rb
diff options
context:
space:
mode:
authorPatrick Derichs <pderichs@gitlab.com>2019-07-15 13:29:56 +0200
committerPatrick Derichs <pderichs@gitlab.com>2019-08-05 16:01:43 +0200
commit927f608f2c4905e430d2df1c455cec793ef41aa9 (patch)
treed565c908ab14491ef9d5bf161d2e7cd3eaab597b /app/helpers/labels_helper.rb
parent52b857f119debb5a03c216c4199eb21a49d815b6 (diff)
downloadgitlab-ce-927f608f2c4905e430d2df1c455cec793ef41aa9.tar.gz
Fix HTML injection for label description
Add changelog entry Add spec
Diffstat (limited to 'app/helpers/labels_helper.rb')
-rw-r--r--app/helpers/labels_helper.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/helpers/labels_helper.rb b/app/helpers/labels_helper.rb
index 2ed016beea4..c5a3507637e 100644
--- a/app/helpers/labels_helper.rb
+++ b/app/helpers/labels_helper.rb
@@ -71,7 +71,7 @@ module LabelsHelper
end
def label_tooltip_title(label)
- label.description
+ Sanitize.clean(label.description)
end
def suggested_colors
View Lorry Controller Status