Merge branch 'branch-name-escape' into 'security'

Fix XSS in branches dropdown See merge request !2093
author: Robert Speicher <robert@gitlab.com> 2017-05-03 14:28:46 +0000
committer: Bob Van Landuyt <bob@gitlab.com> 2017-05-10 11:09:05 +0200
commit: c26e9027d31b0735cea438eaa7bf787bc5b6e3a7 (patch)
tree: eed08914bd9705da6f32421fbf3965fadfdefabe /app
parent: dc54c570efa105df9e59da5dd974496273637811 (diff)
download: gitlab-ce-c26e9027d31b0735cea438eaa7bf787bc5b6e3a7.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js
index 0c9eb84f0eb..ef423691ece 100644
--- a/app/assets/javascripts/gl_dropdown.js
+++ b/app/assets/javascripts/gl_dropdown.js
@@ -610,7 +610,7 @@ GitLabDropdown = (function() {
       var link = document.createElement('a');
 
       link.href = url;
-      link.innerHTML = text;
+      link.textContent = text;
 
       if (selected) {
         link.className = 'is-active';
author	Robert Speicher <robert@gitlab.com>	2017-05-03 14:28:46 +0000
committer	Bob Van Landuyt <bob@gitlab.com>	2017-05-10 11:09:05 +0200
commit	c26e9027d31b0735cea438eaa7bf787bc5b6e3a7 (patch)
tree	eed08914bd9705da6f32421fbf3965fadfdefabe /app
parent	dc54c570efa105df9e59da5dd974496273637811 (diff)
download	gitlab-ce-c26e9027d31b0735cea438eaa7bf787bc5b6e3a7.tar.gz