author | Francisco Javier López <fjlopez@gitlab.com> | 2018-10-01 16:44:30 +0000 |
---|---|---|
committer | Bob Van Landuyt <bob@gitlab.com> | 2018-10-01 16:44:30 +0000 |
commit | c40400ceaeac1b185431adcf4dabd82ed8c531eb (patch) | |
tree | ac71100b91a893564abbec3ad2faac36df908189 /app/serializers | |
parent | b8cf41bc166e8b625852516bfbf43a03e56cd770 (diff) | |
[master] Stored XSS in Gitlab Merge Request from imported repository
Diffstat (limited to 'app/serializers')
-rw-r--r-- | app/serializers/diff_line_entity.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/serializers/diff_line_entity.rb b/app/serializers/diff_line_entity.rb
index 2119a1017d3..942714b7787 100644
--- a/app/serializers/diff_line_entity.rb
+++ b/app/serializers/diff_line_entity.rb
@@ -9,6 +9,6 @@ class DiffLineEntity < Grape::Entity
 expose :meta_positions, as: :meta_data
 expose :rich_text do |line|
- line.rich_text || CGI.escapeHTML(line.text)
+ ERB::Util.html_escape(line.rich_text || line.text)
 end
 end |
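Review bot: The new `ERB::Util.html_escape(line.rich_text || line.text)` line in the `expose :rich_text` block relies on a behaviour the code does not state. Under ActiveSupport, `html_escape` returns strings already marked `html_safe?` unchanged, which is what keeps highlighted markup from being double-escaped and also what decides whether `rich_text` is emitted as raw HTML. That makes the `html_safe` marking on `rich_text` the actual trust boundary, and the code that sets it is outside this hunk, so it should be confirmed that only highlighter output is ever marked safe. I would add a comment above the call such as `# html_escape passes html_safe strings through untouched; rich_text must only be marked html_safe by the highlighter`. The diffstat shown is limited to app/serializers, so I cannot tell whether a serializer spec covers a non-`html_safe` `rich_text` containing markup; if none exists, one should be added to pin this fix.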