[master] Stored XSS in Gitlab Merge Request from imported repository

author: Francisco Javier López <fjlopez@gitlab.com> 2018-10-01 16:44:30 +0000
committer: Bob Van Landuyt <bob@gitlab.com> 2018-10-01 16:44:30 +0000
commit: c40400ceaeac1b185431adcf4dabd82ed8c531eb (patch)
tree: ac71100b91a893564abbec3ad2faac36df908189 /lib
parent: b8cf41bc166e8b625852516bfbf43a03e56cd770 (diff)
download: gitlab-ce-c40400ceaeac1b185431adcf4dabd82ed8c531eb.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/diff/highlight.rb b/lib/gitlab/diff/highlight.rb
index 1f012043e56..a605ddb5c33 100644
--- a/lib/gitlab/diff/highlight.rb
+++ b/lib/gitlab/diff/highlight.rb
@@ -24,7 +24,7 @@ module Gitlab
           # ignore highlighting for "match" lines
           next diff_line if diff_line.meta?
 
-          rich_line = highlight_line(diff_line) || diff_line.text
+          rich_line = highlight_line(diff_line) || ERB::Util.html_escape(diff_line.text)
 
           if line_inline_diffs = inline_diffs[i]
             begin
author	Francisco Javier López <fjlopez@gitlab.com>	2018-10-01 16:44:30 +0000
committer	Bob Van Landuyt <bob@gitlab.com>	2018-10-01 16:44:30 +0000
commit	c40400ceaeac1b185431adcf4dabd82ed8c531eb (patch)
tree	ac71100b91a893564abbec3ad2faac36df908189 /lib
parent	b8cf41bc166e8b625852516bfbf43a03e56cd770 (diff)
download	gitlab-ce-c40400ceaeac1b185431adcf4dabd82ed8c531eb.tar.gz