author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 12:54:43 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 12:55:07 +0000 |
commit | 60b56b48afb89ed1890409b6c425f16549c4d28b (patch) | |
tree | f241ab2b3fdb0a97fa503761e5e16a5f7718ae06 /app | |
parent | 8a2a8c40a84b97bd1df668b3458cf61cadce1c2a (diff) | |
download | gitlab-ce-60b56b48afb89ed1890409b6c425f16549c4d28b.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/helpers/external_link_helper.rb | 5 | ||||
-rw-r--r-- | app/helpers/icons_helper.rb | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/app/helpers/external_link_helper.rb b/app/helpers/external_link_helper.rb
index 058302d1ed8..c951d0daf96 100644
--- a/app/helpers/external_link_helper.rb
+++ b/app/helpers/external_link_helper.rb
@@ -1,9 +1,12 @@
 # frozen_string_literal: true
 
 module ExternalLinkHelper
+ include ActionView::Helpers::TextHelper
+
 def external_link(body, url, options = {})
- link_to url, { target: '_blank', rel: 'noopener noreferrer' }.merge(options) do
+ link = link_to url, { target: '_blank', rel: 'noopener noreferrer' }.merge(options) do
 "#{body}#{sprite_icon('external-link', css_class: 'gl-ml-1')}".html_safe
 end
+ sanitize(link, tags: %w(a svg use), attributes: %w(target rel data-testid class href).concat(options.stringify_keys.keys))
 end
 end
diff --git a/app/helpers/icons_helper.rb b/app/helpers/icons_helper.rb
index 096a3f2269b..c38b4a7aedf 100644
--- a/app/helpers/icons_helper.rb
+++ b/app/helpers/icons_helper.rb
@@ -44,7 +44,7 @@ module IconsHelper
 
 content_tag(
 :svg,
- content_tag(:use, '', { 'xlink:href' => "#{sprite_icon_path}##{icon_name}" } ),
+ content_tag(:use, '', { 'href' => "#{sprite_icon_path}##{icon_name}" } ),
 class: css_classes.empty? ? nil : css_classes.join(' '),
 data: { testid: "#{icon_name}-icon" }
 ) |
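Review bot: The attribute allowlist passed to `sanitize` in `external_link` is extended with every key of the caller's `options` (`.concat(options.stringify_keys.keys)`), so the sanitizer permits whatever attribute name a caller supplies, event-handler attributes included, and the protection then depends on no call site ever forwarding untrusted keys. A fixed allowlist, or intersecting the caller's keys with a constant of known-safe names, would keep the guarantee local to the helper, e.g. `attributes: ALLOWED_ATTRS | (options.stringify_keys.keys & OPTIONAL_ATTRS)` (both constants are proposed names, not existing ones). Separately, a top-level key such as `data` does not match the rendered `data-*` attribute names, so nested data options other than `data-testid` would presumably be stripped; a spec covering that case would make the behaviour explicit. `body` is still interpolated into an `html_safe` string before sanitizing, so a comment stating that escaping is delegated to the `sanitize` call would help the next reader.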
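Review bot: The switch from `xlink:href` to `href` on the `<use>` element carries no comment explaining why, and the reason appears to live in another file: `external_link` now sanitizes its output with an attribute allowlist that contains `href` but not `xlink:href`. A short comment above the `content_tag(:use, ...)` line, such as `# Plain href (not xlink:href) so the icon survives the sanitize allowlist in ExternalLinkHelper#external_link`, would stop a later revert from silently dropping the icon reference. The enclosing method starts and ends outside this hunk, so how `icon_name` is validated before being interpolated into the fragment is not visible here.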