diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-12-02 08:48:32 +0000 |
|---|---|---|
| committer | Alejandro Rodriguez <alejandro@gitlab.com> | 2016-12-07 19:24:02 +0000 |
| commit | 51764c079e6ad4be4d9b95713a08c9c0ebeaeb54 (patch) | |
| tree | 3f71a27c7c225716fc860bde87057da1e18c57f4 /changelogs | |
| parent | 07217fb197b8e93d203467203dc5e1afa96b5363 (diff) | |
| download | gitlab-ce-51764c079e6ad4be4d9b95713a08c9c0ebeaeb54.tar.gz | |
Merge branch 'html-safe-diff-line-content' into 'security'
Don't accidentally mark unsafe diff lines as HTML safe
Fixes potential XSS issue when a legacy diff note is created on a merge
request whose diff contained HTML
See https://gitlab.com/gitlab-org/gitlab-ce/issues/25249
See merge request !2040
Diffstat (limited to 'changelogs')
| -rw-r--r-- | changelogs/unreleased/html-safe-diff-line-content.yml | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changelogs/unreleased/html-safe-diff-line-content.yml b/changelogs/unreleased/html-safe-diff-line-content.yml new file mode 100644 index 00000000000..8f8bbc51963 --- /dev/null +++ b/changelogs/unreleased/html-safe-diff-line-content.yml @@ -0,0 +1,4 @@ +--- +title: Don't accidentally mark unsafe diff lines as HTML safe +merge_request: +author: |