author | Douwe Maan <douwe@gitlab.com> | 2019-04-15 08:53:42 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2019-04-15 08:53:42 +0000 |
commit | d83eb63beef28a6229b4bf851ee34c51938e29c7 (patch) | |
tree | 3bce6dda5073f636857ac2f9de3a42a7605cd212 /app | |
parent | 8ede9d188e20d9e173fa6f0c5d899771a392b78a (diff) | |
parent | da026ac2eca6126bf176ace5d70426db41239a58 (diff) | |
Merge branch '17014-remove-rails-deprecated_sanitizer' into 'master'
Resolve "Remove rails-deprecated_sanitizer"
Closes #17014
See merge request gitlab-org/gitlab-ce!27268
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/branches_controller.rb | 4 | ||||
-rw-r--r-- | app/helpers/markup_helper.rb | 4 |
2 files changed, 3 insertions, 5 deletions
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 9c31ae6376a..e14abbf7c78 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -53,7 +53,7 @@ class Projects::BranchesController < Projects::ApplicationController
 # rubocop: disable CodeReuse/ActiveRecord
 def create
- branch_name = sanitize(strip_tags(params[:branch_name]))
+ branch_name = strip_tags(sanitize(params[:branch_name]))
 branch_name = Addressable::URI.unescape(branch_name)
 redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present?
@@ -122,7 +122,7 @@ class Projects::BranchesController < Projects::ApplicationController
 def ref
 if params[:ref]
- ref_escaped = sanitize(strip_tags(params[:ref]))
+ ref_escaped = strip_tags(sanitize(params[:ref]))
 Addressable::URI.unescape(ref_escaped)
 else
 @project.default_branch || 'master'
diff --git a/app/helpers/markup_helper.rb b/app/helpers/markup_helper.rb
index d83c69603a9..be4fc2531ae 100644
--- a/app/helpers/markup_helper.rb
+++ b/app/helpers/markup_helper.rb
@@ -241,9 +241,7 @@ module MarkupHelper
 node.remove if node.name == 'a' && node.content.blank?
 end
- # Use `Loofah` directly instead of `sanitize`
- # as we still use the `rails-deprecated_sanitizer` gem
- Loofah.fragment(text).scrub!(scrubber).to_s
+ sanitize text, scrubber: scrubber
 end
 def markdown_toolbar_button(options = {}) |
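Review bot: In `create`, `Addressable::URI.unescape(branch_name)` still runs after `strip_tags(sanitize(...))`, so the HTML filtering is applied to the percent-encoded form and whatever it would have removed can reappear once the value is decoded; the same ordering is in `ref` in the second hunk. If the filtering is meant to apply to the final name, decode first, e.g. `branch_name = strip_tags(sanitize(Addressable::URI.unescape(params[:branch_name])))`, and the equivalent in `ref`. How the name is validated and rendered afterwards is outside the hunk, so these view helpers are best treated as a supplement to ref-name validation and output escaping rather than as the control itself. Both method bodies continue outside their hunks.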
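Review bot: The new `sanitize text, scrubber: scrubber` line in `MarkupHelper` dropped the explanatory comment and now reads as if the default allow-list were applied, but when a `scrubber:` option is given the Rails helper runs only that scrubber, and the scrubber lines visible here only remove empty `a` nodes. The helper also returns an `html_safe` string where the old `.to_s` returned a plain String, so templates will trust the result on the strength of whatever sanitised `text` earlier. I would add a comment such as `# sanitize with scrubber: runs only this scrubber (no default allow-list) and marks the result html_safe; text must already be sanitized upstream`. The enclosing method and the scrubber definition start outside the hunk, so whether the scrubber does more than this is not visible.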