app/services/concerns/protected_ref_name_sanitizer.rb


1
2
3
4
5
6
7
8
9
10
11
12

# frozen_string_literal: true

module ProtectedRefNameSanitizer
  def sanitize_name(name)
    name = CGI.unescapeHTML(name)
    name = Sanitize.fragment(name)

    # Sanitize.fragment escapes HTML chars, so unescape again to allow names
    # like `feature->master`
    CGI.unescapeHTML(name)
  end
end