authorGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 12:54:43 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 12:55:07 +0000
commit60b56b48afb89ed1890409b6c425f16549c4d28b (patch)
treef241ab2b3fdb0a97fa503761e5e16a5f7718ae06 /app
parent8a2a8c40a84b97bd1df668b3458cf61cadce1c2a (diff)
downloadgitlab-ce-60b56b48afb89ed1890409b6c425f16549c4d28b.tar.gz
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'app')
-rw-r--r--app/helpers/external_link_helper.rb5
-rw-r--r--app/helpers/icons_helper.rb2
2 files changed, 5 insertions, 2 deletions
diff --git a/app/helpers/external_link_helper.rb b/app/helpers/external_link_helper.rb
index 058302d1ed8..c951d0daf96 100644
--- a/app/helpers/external_link_helper.rb
+++ b/app/helpers/external_link_helper.rb
@@ -1,9 +1,12 @@
# frozen_string_literal: true
module ExternalLinkHelper
+ include ActionView::Helpers::TextHelper
+
def external_link(body, url, options = {})
- link_to url, { target: '_blank', rel: 'noopener noreferrer' }.merge(options) do
+ link = link_to url, { target: '_blank', rel: 'noopener noreferrer' }.merge(options) do
"#{body}#{sprite_icon('external-link', css_class: 'gl-ml-1')}".html_safe
end
+ sanitize(link, tags: %w(a svg use), attributes: %w(target rel data-testid class href).concat(options.stringify_keys.keys))
end
end
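Review bot: The attribute allowlist passed to `sanitize` is extended with `options.stringify_keys.keys`, so every key a caller passes becomes a permitted attribute on the output; if any caller ever builds `options` from request data, an event-handler or `style` key would be let through by the filter. Nested keys such as `data: { ... }` fail the other way: Rails renders them as `data-*` attribute names, which are not in the list, so they would be stripped silently. A fixed list is easier to audit, for example `sanitize(link, tags: %w(a svg use), attributes: ALLOWED_ATTRIBUTES)` with `ALLOWED_ATTRIBUTES` as a frozen constant in this module (the name is only a suggestion). Separately, `body` is still interpolated into a string marked `html_safe`, so escaping depends entirely on the later filter; if callers never pass markup in `body`, escaping it at the interpolation would be the narrower fix.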
diff --git a/app/helpers/icons_helper.rb b/app/helpers/icons_helper.rb
index 096a3f2269b..c38b4a7aedf 100644
--- a/app/helpers/icons_helper.rb
+++ b/app/helpers/icons_helper.rb
@@ -44,7 +44,7 @@ module IconsHelper
content_tag(
:svg,
- content_tag(:use, '', { 'xlink:href' => "#{sprite_icon_path}##{icon_name}" } ),
+ content_tag(:use, '', { 'href' => "#{sprite_icon_path}##{icon_name}" } ),
class: css_classes.empty? ? nil : css_classes.join(' '),
data: { testid: "#{icon_name}-icon" }
)
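Review bot: The switch from `xlink:href` to `href` on the `<use>` element has no comment explaining it, and the reason appears to live in another file: the `sanitize` call added to `ExternalLinkHelper#external_link` allows `href` but not `xlink:href`, so reverting this line would presumably strip the icon reference from external links without raising any error. A one-line comment above the `content_tag(:use, ...)` call would record that coupling, for example `# Plain href (not xlink:href): must match the attribute allowlist in ExternalLinkHelper#external_link`. The enclosing method starts and ends outside this hunk.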