From 23c297e781da2f8584fd47aecc2544e1a01b886f Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Wed, 28 Sep 2016 15:02:12 +0000 Subject: Merge branch 'fix/escape-builds-commands-in-ci-linter' into 'security' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Escape HTML nodes in builds commands in ci linter This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view. Closes #22541 See merge request !2001 Signed-off-by: Rémy Coutable --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG') diff --git a/CHANGELOG b/CHANGELOG index 81f9ea2de5d..ae6b9114a75 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,7 @@ v 8.11.8 - Respect the fork_project permission when forking projects - Set a restrictive CORS policy on the API for credentialed requests - API: disable rails session auth for non-GET/HEAD requests + - Escape HTML nodes in builds commands in CI linter v 8.11.7 - Avoid conflict with admin labels when importing GitHub labels. !6158 -- cgit v1.2.1
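Review bot: The added line under v 8.11.8, "- Escape HTML nodes in builds commands in CI linter", is the only change visible here, because the diff is limited to CHANGELOG, so the removal of `simple_format` that the commit message describes cannot be checked from this view. Before approving, review the full merge request (!2001 per the commit message) and confirm that it includes the view change and a spec asserting that a build command containing HTML tags is rendered escaped in the CI linter output. On wording, "HTML nodes in builds commands" is unclear to a user reading the release notes; something like "Escape HTML in build commands shown by the CI linter" says what was fixed.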