diff options
| author | Sean McGivern <sean@gitlab.com> | 2019-05-23 15:28:55 +0100 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2019-05-24 10:07:21 +0100 |
| commit | 17b97bf029a7085f6b726071a15f5d231510f1b6 (patch) | |
| tree | 1e8e37ee0985effc9a3ee08703d42161cfe8bfb1 /lib/banzai | |
| parent | efdca2e6b41f5c05a026cc583646b13555e63986 (diff) | |
| download | gitlab-ce-17b97bf029a7085f6b726071a15f5d231510f1b6.tar.gz | |
Fix milestone references with HTML entities in the namefix-milestone-references-with-escaped-html-entities
When a milestone name contained an HTML entity that would be escaped (&,
<, >), then it wasn't possible to refer to this milestone by name, or
use it in a quick action.
This already worked for labels, but not for milestones. We take care to
re-escape un-matched milestones, too.
Diffstat (limited to 'lib/banzai')
| -rw-r--r-- | lib/banzai/filter/abstract_reference_filter.rb | 8 | ||||
| -rw-r--r-- | lib/banzai/filter/label_reference_filter.rb | 8 | ||||
| -rw-r--r-- | lib/banzai/filter/milestone_reference_filter.rb | 4 |
3 files changed, 10 insertions, 10 deletions
diff --git a/lib/banzai/filter/abstract_reference_filter.rb b/lib/banzai/filter/abstract_reference_filter.rb index 44b151d01e7..0224dd8fcd1 100644 --- a/lib/banzai/filter/abstract_reference_filter.rb +++ b/lib/banzai/filter/abstract_reference_filter.rb @@ -363,6 +363,14 @@ module Banzai group_ref end + + def unescape_html_entities(text) + CGI.unescapeHTML(text.to_s) + end + + def escape_html_entities(text) + CGI.escapeHTML(text.to_s) + end end end end diff --git a/lib/banzai/filter/label_reference_filter.rb b/lib/banzai/filter/label_reference_filter.rb index 4d67140b0a1..4892668fc22 100644 --- a/lib/banzai/filter/label_reference_filter.rb +++ b/lib/banzai/filter/label_reference_filter.rb @@ -104,14 +104,6 @@ module Banzai matches[:namespace] && matches[:project] end - def unescape_html_entities(text) - CGI.unescapeHTML(text.to_s) - end - - def escape_html_entities(text) - CGI.escapeHTML(text.to_s) - end - def object_link_title(object, matches) # use title of wrapped element instead nil diff --git a/lib/banzai/filter/milestone_reference_filter.rb b/lib/banzai/filter/milestone_reference_filter.rb index fce042e8946..08969753d75 100644 --- a/lib/banzai/filter/milestone_reference_filter.rb +++ b/lib/banzai/filter/milestone_reference_filter.rb @@ -51,13 +51,13 @@ module Banzai # default implementation. return super(text, pattern) if pattern != Milestone.reference_pattern - text.gsub(pattern) do |match| + unescape_html_entities(text).gsub(pattern) do |match| milestone = find_milestone($~[:project], $~[:namespace], $~[:milestone_iid], $~[:milestone_name]) if milestone yield match, milestone.id, $~[:project], $~[:namespace], $~ else - match + escape_html_entities(match) end end end |