diff options
| author | Filipa Lacerda <filipa@gitlab.com> | 2018-06-20 13:57:48 +0000 |
|---|---|---|
| committer | Alessio Caiazza <acaiazza@gitlab.com> | 2018-06-21 10:03:28 +0200 |
| commit | 1a337648bdc21236b19567184d1ba55701e7866f (patch) | |
| tree | 6080b8b2f788532dad0d39fe38c672db82291da6 /app | |
| parent | c0fb3194c7984f45c1c5a5b77b8ce3cde085a5d6 (diff) | |
| download | gitlab-ce-1a337648bdc21236b19567184d1ba55701e7866f.tar.gz | |
Merge branch 'security-html_escape_branch_name-11-0' into 'security-11-0'
[11.0] HTML escape branch name in project graphs page
See merge request gitlab/gitlabhq!2413
Diffstat (limited to 'app')
| -rw-r--r-- | app/views/projects/graphs/charts.html.haml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/projects/graphs/charts.html.haml b/app/views/projects/graphs/charts.html.haml index 983cb187c2f..3f1974d05f4 100644 --- a/app/views/projects/graphs/charts.html.haml +++ b/app/views/projects/graphs/charts.html.haml @@ -30,7 +30,7 @@ #{@commits_graph.start_date.strftime('%b %d')} - end_time = capture do #{@commits_graph.end_date.strftime('%b %d')} - = (_("Commit statistics for %{ref} %{start_time} - %{end_time}") % { ref: "<strong>#{@ref}</strong>", start_time: start_time, end_time: end_time }).html_safe + = (_("Commit statistics for %{ref} %{start_time} - %{end_time}") % { ref: "<strong>#{h @ref}</strong>", start_time: start_time, end_time: end_time }).html_safe .col-md-6 .tree-ref-container |