Merge branch 'security-bw-confidential-titles-through-markdown-api-11-3' into 'security-11-3'

[11.3] Confidential issue/private snippet titles can be read by unauthenticated user through GFM markdown API See merge request gitlab/gitlabhq!2535
author: Bob Van Landuyt <bob@gitlab.com> 2018-10-04 16:56:01 +0000
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-10-04 18:58:52 +0200
commit: 89ccade810447656d457cff441eff2318b2c7998 (patch)
tree: c839d579f2a7828ac63cebcc91b35dd3a6bac768 /app/models
parent: 21092657a50dbb3430dcf412d8fe448c348c09de (diff)
download: gitlab-ce-89ccade810447656d457cff441eff2318b2c7998.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/project_services/hipchat_service.rb b/app/models/project_services/hipchat_service.rb
index 66012f0da99..a69b7b4c4b6 100644
--- a/app/models/project_services/hipchat_service.rb
+++ b/app/models/project_services/hipchat_service.rb
@@ -149,7 +149,7 @@ class HipchatService < Service
 
     context.merge!(options)
 
-    html = Banzai.post_process(Banzai.render(text, context), context)
+    html = Banzai.render_and_post_process(text, context)
     sanitized_html = sanitize(html, tags: HIPCHAT_ALLOWED_TAGS, attributes: %w[href title alt])
 
     sanitized_html.truncate(200, separator: ' ', omission: '...')
author	Bob Van Landuyt <bob@gitlab.com>	2018-10-04 16:56:01 +0000
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-10-04 18:58:52 +0200
commit	89ccade810447656d457cff441eff2318b2c7998 (patch)
tree	c839d579f2a7828ac63cebcc91b35dd3a6bac768 /app/models
parent	21092657a50dbb3430dcf412d8fe448c348c09de (diff)
download	gitlab-ce-89ccade810447656d457cff441eff2318b2c7998.tar.gz