Merge branch 'fix-hamlit-xss' into 'security-9-1'

New Hamlit XSS fix, does not include extraneous changes See merge request !2095
author: Robert Speicher <robert@gitlab.com> 2017-05-02 21:32:14 +0000
committer: Bob Van Landuyt <bob@gitlab.com> 2017-05-10 16:48:18 +0200
commit: e5e94618c573fc85118ae76c1582be1ab30a72af (patch)
tree: 4f46de7889f62f63d68a10bd3a433bd7b195efd1 /app/views/import
parent: ad309f5d110ebf8859b2e7196c7a1d0b039c0d7c (diff)
download: gitlab-ce-e5e94618c573fc85118ae76c1582be1ab30a72af.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/import/base/create.js.haml b/app/views/import/base/create.js.haml
index 8e929538351..57e8c3ca1e1 100644
--- a/app/views/import/base/create.js.haml
+++ b/app/views/import/base/create.js.haml
@@ -10,4 +10,4 @@
 - else
   :plain
     job = $("tr#repo_#{@repo_id}")
-    job.find(".import-actions").html("<i class='fa fa-exclamation-circle'></i> Error saving project: #{escape_javascript(@project.errors.full_messages.join(','))}")
+    job.find(".import-actions").html("<i class='fa fa-exclamation-circle'></i> Error saving project: #{escape_javascript(h(@project.errors.full_messages.join(',')))}")
author	Robert Speicher <robert@gitlab.com>	2017-05-02 21:32:14 +0000
committer	Bob Van Landuyt <bob@gitlab.com>	2017-05-10 16:48:18 +0200
commit	e5e94618c573fc85118ae76c1582be1ab30a72af (patch)
tree	4f46de7889f62f63d68a10bd3a433bd7b195efd1 /app/views/import
parent	ad309f5d110ebf8859b2e7196c7a1d0b039c0d7c (diff)
download	gitlab-ce-e5e94618c573fc85118ae76c1582be1ab30a72af.tar.gz