Diffstat (limited to 'app/controllers/concerns/preview_markdown.rb')
-rw-r--r-- | app/controllers/concerns/preview_markdown.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/concerns/preview_markdown.rb b/app/controllers/concerns/preview_markdown.rb
index 7af114313a1..a7655efe7a9 100644
--- a/app/controllers/concerns/preview_markdown.rb
+++ b/app/controllers/concerns/preview_markdown.rb
@@ -45,7 +45,13 @@ module PreviewMarkdown
 when 'projects' then projects_filter_params
 when 'timeline_events' then timeline_events_filter_params
 else {}
- end.merge(requested_path: params[:path], ref: params[:ref])
+ end.merge(
+ requested_path: params[:path],
+ ref: params[:ref],
+ # Disable comments in markdown for IE browsers because comments in IE
+ # could allow script execution.
+ allow_comments: !browser.ie?
+ )
 end
 # rubocop:enable Gitlab/ModuleWithInstanceVariables |
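Review bot: The merged context now depends on the requesting client's User-Agent via `allow_comments: !browser.ie?`, so the preview output is no longer a pure function of the submitted markdown; if this endpoint's responses are ever cached or served through a CDN, the cache key must include the User-Agent (for example by sending `Vary: User-Agent`), otherwise a render produced for a non-IE client could be served to an IE client with comments still enabled. `browser` is not defined in this hunk, so presumably it is the controller-level browser-detection helper; worth confirming it is available in every controller that includes this concern, since the expression is evaluated on every preview request. The enclosing method starts outside the hunk. I would also widen the comment so the rule is not lost when the non-preview render path is touched: `# Keep in sync with the non-preview render path so saved content gets the same allow_comments treatment.`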