diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-09-28 15:02:12 +0000 |
|---|---|---|
| committer | Ruben Davila <rdavila84@gmail.com> | 2016-09-28 11:25:56 -0500 |
| commit | 6596f3539328dead0eb85087dfdd39feacdba6cb (patch) | |
| tree | fe8ada80ac3aa59435392a65c2cb006a085120f4 /app | |
| parent | cb1b5b03dc461c1464cc81084783cb2ebb3079c0 (diff) | |
| download | gitlab-ce-6596f3539328dead0eb85087dfdd39feacdba6cb.tar.gz | |
Merge branch 'fix/escape-builds-commands-in-ci-linter' into 'security'
Escape HTML nodes in builds commands in ci linter
This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view.
Closes #22541
See merge request !2001
Diffstat (limited to 'app')
| -rw-r--r-- | app/views/ci/lints/_create.html.haml | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/app/views/ci/lints/_create.html.haml b/app/views/ci/lints/_create.html.haml index f7875e68b7e..1545c00af45 100644 --- a/app/views/ci/lints/_create.html.haml +++ b/app/views/ci/lints/_create.html.haml @@ -16,8 +16,7 @@ %tr %td #{stage.capitalize} Job - #{build[:name]} %td - %pre - = simple_format build[:commands] + %pre= build[:commands] %br %b Tag list: |