Merge branch 'mr-xss' into 'master'

Escape user-provided content in preserved HAML sections See merge request !1927
author: Robert Speicher <robert@gitlab.com> 2015-09-08 17:17:37 +0000
committer: Robert Speicher <robert@gitlab.com> 2015-09-08 17:17:37 +0000
commit: df1f4433c57abb0eebbd091ac6247974d338cda6 (patch)
tree: e4e130dd371edd9157405042ea7f4142d5e0b55a /app/views/projects/wikis
parent: 86556a079e34eb1267e63f7b39cc018665e21bfc (diff)
parent: 9f31f95adad5500045ef35b57d133c633cd08524 (diff)
download: gitlab-ce-df1f4433c57abb0eebbd091ac6247974d338cda6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/projects/wikis/git_access.html.haml b/app/views/projects/wikis/git_access.html.haml
index 62071e29d74..226fd3b2290 100644
--- a/app/views/projects/wikis/git_access.html.haml
+++ b/app/views/projects/wikis/git_access.html.haml
@@ -21,7 +21,7 @@
     %pre.dark
       :preserve
         git clone #{ content_tag(:span, default_url_to_repo(@project_wiki), class: 'clone')}
-        cd #{@project_wiki.path}
+        cd #{h @project_wiki.path}
 
     %legend Start Gollum And Edit Locally:
     %pre.dark
author	Robert Speicher <robert@gitlab.com>	2015-09-08 17:17:37 +0000
committer	Robert Speicher <robert@gitlab.com>	2015-09-08 17:17:37 +0000
commit	df1f4433c57abb0eebbd091ac6247974d338cda6 (patch)
tree	e4e130dd371edd9157405042ea7f4142d5e0b55a /app/views/projects/wikis
parent	86556a079e34eb1267e63f7b39cc018665e21bfc (diff)
parent	9f31f95adad5500045ef35b57d133c633cd08524 (diff)
download	gitlab-ce-df1f4433c57abb0eebbd091ac6247974d338cda6.tar.gz