diff options
author | Robert Speicher <robert@gitlab.com> | 2017-05-03 14:28:46 +0000 |
---|---|---|
committer | Bob Van Landuyt <bob@gitlab.com> | 2017-05-10 11:09:05 +0200 |
commit | c26e9027d31b0735cea438eaa7bf787bc5b6e3a7 (patch) | |
tree | eed08914bd9705da6f32421fbf3965fadfdefabe /app | |
parent | dc54c570efa105df9e59da5dd974496273637811 (diff) | |
download | gitlab-ce-c26e9027d31b0735cea438eaa7bf787bc5b6e3a7.tar.gz |
Merge branch 'branch-name-escape' into 'security'
Fix XSS in branches dropdown
See merge request !2093
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/gl_dropdown.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js index 0c9eb84f0eb..ef423691ece 100644 --- a/app/assets/javascripts/gl_dropdown.js +++ b/app/assets/javascripts/gl_dropdown.js @@ -610,7 +610,7 @@ GitLabDropdown = (function() { var link = document.createElement('a'); link.href = url; - link.innerHTML = text; + link.textContent = text; if (selected) { link.className = 'is-active'; |