diff options
author | Robert Speicher <robert@gitlab.com> | 2016-09-28 15:02:12 +0000 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2016-09-28 11:25:56 -0500 |
commit | 6596f3539328dead0eb85087dfdd39feacdba6cb (patch) | |
tree | fe8ada80ac3aa59435392a65c2cb006a085120f4 /app | |
parent | cb1b5b03dc461c1464cc81084783cb2ebb3079c0 (diff) | |
download | gitlab-ce-6596f3539328dead0eb85087dfdd39feacdba6cb.tar.gz |
Merge branch 'fix/escape-builds-commands-in-ci-linter' into 'security'
Escape HTML nodes in builds commands in ci linter
This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view.
Closes #22541
See merge request !2001
Diffstat (limited to 'app')
-rw-r--r-- | app/views/ci/lints/_create.html.haml | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/app/views/ci/lints/_create.html.haml b/app/views/ci/lints/_create.html.haml index f7875e68b7e..1545c00af45 100644 --- a/app/views/ci/lints/_create.html.haml +++ b/app/views/ci/lints/_create.html.haml @@ -16,8 +16,7 @@ %tr %td #{stage.capitalize} Job - #{build[:name]} %td - %pre - = simple_format build[:commands] + %pre= build[:commands] %br %b Tag list: |