summaryrefslogtreecommitdiff
path: root/lib/banzai
diff options
context:
space:
mode:
authorAlessio Caiazza <acaiazza@gitlab.com>2019-11-27 13:55:20 +0100
committerAlessio Caiazza <acaiazza@gitlab.com>2019-11-27 13:55:20 +0100
commita4484fd22dd0d055a10fe084b82349e42f7363e1 (patch)
tree008e49825ed1c628996c4b4cb83e33e1f33a0d74 /lib/banzai
parent3269a20692c5b1f32862072d7897a4e753bae9ef (diff)
parentf220df53b6606e7e6699cc1073a6d2fa07ccdad1 (diff)
downloadgitlab-ce-a4484fd22dd0d055a10fe084b82349e42f7363e1.tar.gz
Merge remote-tracking branch 'dev/master'
Diffstat (limited to 'lib/banzai')
-rw-r--r--lib/banzai/filter/label_reference_filter.rb2
-rw-r--r--lib/banzai/filter/relative_link_filter.rb2
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/banzai/filter/label_reference_filter.rb b/lib/banzai/filter/label_reference_filter.rb
index db620c65237..609ea8fb5ca 100644
--- a/lib/banzai/filter/label_reference_filter.rb
+++ b/lib/banzai/filter/label_reference_filter.rb
@@ -89,7 +89,7 @@ module Banzai
parent_from_ref = from_ref_cached(project_path)
reference = parent_from_ref.to_human_reference(parent)
- label_suffix = " <i>in #{reference}</i>" if reference.present?
+ label_suffix = " <i>in #{ERB::Util.html_escape(reference)}</i>" if reference.present?
end
presenter = object.present(issuable_subject: parent)
diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb
index c7589e69262..583b0081319 100644
--- a/lib/banzai/filter/relative_link_filter.rb
+++ b/lib/banzai/filter/relative_link_filter.rb
@@ -172,7 +172,7 @@ module Banzai
end
def cleaned_file_path(uri)
- Addressable::URI.unescape(uri.path).delete("\0").chomp("/")
+ Addressable::URI.unescape(uri.path).scrub.delete("\0").chomp("/")
end
def relative_file_path(uri)
View Lorry Controller Status