Merge branch '42028-xss-diffs-10-6' into 'security-10-6'

Port of "Fix XSS on commit diff view" for 10-6 See merge request gitlab/gitlabhq!2364
author: Douwe Maan <douwe@gitlab.com> 2018-04-03 09:57:31 +0000
committer: James Lopez <james@jameslopez.es> 2018-04-05 08:40:05 +0200
commit: 98106ec54e439455f545f3df15332a28b9b0c969 (patch)
tree: b7511e6b56791143e05bde0e6eb4182c51ff254c /lib/gitlab/diff
parent: 0498a5dd779250372aa12b4d6a0e53ef01d1b60b (diff)
download: gitlab-ce-98106ec54e439455f545f3df15332a28b9b0c969.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/gitlab/diff/inline_diff_marker.rb b/lib/gitlab/diff/inline_diff_marker.rb
index 010b4be7b40..81e91ea0ab7 100644
--- a/lib/gitlab/diff/inline_diff_marker.rb
+++ b/lib/gitlab/diff/inline_diff_marker.rb
@@ -1,11 +1,14 @@
 module Gitlab
   module Diff
     class InlineDiffMarker < Gitlab::StringRangeMarker
+      def initialize(line, rich_line = nil)
+        super(line, rich_line || line)
+      end
+
       def mark(line_inline_diffs, mode: nil)
-        mark = super(line_inline_diffs) do |text, left:, right:|
+        super(line_inline_diffs) do |text, left:, right:|
           %{<span class="#{html_class_names(left, right, mode)}">#{text}</span>}
         end
-        mark.html_safe
       end
 
       private
author	Douwe Maan <douwe@gitlab.com>	2018-04-03 09:57:31 +0000
committer	James Lopez <james@jameslopez.es>	2018-04-05 08:40:05 +0200
commit	98106ec54e439455f545f3df15332a28b9b0c969 (patch)
tree	b7511e6b56791143e05bde0e6eb4182c51ff254c /lib/gitlab/diff
parent	0498a5dd779250372aa12b4d6a0e53ef01d1b60b (diff)
download	gitlab-ce-98106ec54e439455f545f3df15332a28b9b0c969.tar.gz