diff options
| author | Phil Hughes <me@iamphill.com> | 2016-08-31 11:41:16 +0100 |
|---|---|---|
| committer | Phil Hughes <me@iamphill.com> | 2016-08-31 11:41:16 +0100 |
| commit | 97d6f5b6ded829d1f7e792c59ae5eb4b2aae7c70 (patch) | |
| tree | 8260c298f4fd7a1dbe8350dac3d4d5fd8903104e /app | |
| parent | 4d042afeced540c0acd887714d8ec7c962b7c507 (diff) | |
| download | gitlab-ce-label-dropdown-encode.tar.gz | |
Fixed escaping issue with labels filterlabel-dropdown-encode
Closes #15552
Diffstat (limited to 'app')
| -rw-r--r-- | app/assets/javascripts/gl_dropdown.js | 2 | ||||
| -rw-r--r-- | app/assets/javascripts/labels_select.js | 2 | ||||
| -rw-r--r-- | app/views/shared/issuable/_label_dropdown.html.haml | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js index 5a2a8523d9f..77b2082cba0 100644 --- a/app/assets/javascripts/gl_dropdown.js +++ b/app/assets/javascripts/gl_dropdown.js @@ -556,7 +556,7 @@ if (isInput) { field = $(this.el); } else { - field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + value + "']"); + field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + escape(value) + "']"); } if (el.hasClass(ACTIVE_CLASS)) { el.removeClass(ACTIVE_CLASS); diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js index 565dbeacdb3..bab23ff5ac0 100644 --- a/app/assets/javascripts/labels_select.js +++ b/app/assets/javascripts/labels_select.js @@ -164,7 +164,7 @@ instance.addInput(this.fieldName, label.id); } } - if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + (this.id(label)) + "']").length) { + if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + escape(this.id(label)) + "']").length) { selectedClass.push('is-active'); } if ($dropdown.hasClass('js-multiselect') && removesAll) { diff --git a/app/views/shared/issuable/_label_dropdown.html.haml b/app/views/shared/issuable/_label_dropdown.html.haml index d34d28f6736..24a1a616919 100644 --- a/app/views/shared/issuable/_label_dropdown.html.haml +++ b/app/views/shared/issuable/_label_dropdown.html.haml @@ -12,7 +12,7 @@ - if params[:label_name].present? - if params[:label_name].respond_to?('any?') - params[:label_name].each do |label| - = hidden_field_tag "label_name[]", label, id: nil + = hidden_field_tag "label_name[]", u(label), id: nil .dropdown %button.dropdown-menu-toggle.js-label-select.js-multiselect{class: classes.join(' '), type: "button", data: dropdown_data} %span.dropdown-toggle-text |