Replace the remaining modal occurences

author: Jose Vargas <jvargas@gitlab.com> 2018-11-01 00:43:43 +0300
committer: Jose Vargas <jvargas@gitlab.com> 2018-11-01 00:43:43 +0300
commit: 846f43966e2f11b42ed029ade0ccd23c25f556d4 (patch)
tree: 01805db87017bb5f56ac41444b8914b31d0d62bf
parent: 908e7634cf5ba3c3608cc21d6934d0642f57ab5d (diff)
3 files changed, 10 insertions, 8 deletions
diff --git a/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue b/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue
index 3c383735f4a..97b13ad5109 100644
--- a/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue
+++ b/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue
@@ -1,5 +1,6 @@
 <script>
 import _ from 'underscore';
+import dompurify from 'dompurify';
 import DeprecatedModal from '~/vue_shared/components/deprecated_modal.vue';
 import { s__, sprintf } from '~/locale';
 
@@ -34,7 +35,7 @@ export default {
       return sprintf(
         s__('AdminProjects|Delete Project %{projectName}?'),
         {
-          projectName: `'${_.escape(this.projectName)}'`,
+          projectName: `'${dompurify.sanitize(this.projectName)}'`,
         },
         false,
       );
@@ -46,7 +47,7 @@ export default {
           and all related resources including issues, merge requests, etc..  Once you confirm and press
           %{strong_start}Delete project%{strong_end}, it cannot be undone or recovered.`),
         {
-          projectName: `<strong>${_.escape(this.projectName)}</strong>`,
+          projectName: `<strong>${dompurify.sanitize(this.projectName)}</strong>`,
           strong_start: '<strong>',
           strong_end: '</strong>',
         },
@@ -57,7 +58,7 @@ export default {
       return sprintf(
         s__('AdminUsers|To confirm, type %{projectName}'),
         {
-          projectName: `<code>${_.escape(this.projectName)}</code>`,
+          projectName: `<code>${dompurify.sanitize(this.projectName)}</code>`,
         },
         false,
       );
diff --git a/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue b/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue
index 4b33fcc759a..b72cfa81d03 100644
--- a/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue
+++ b/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue
@@ -1,5 +1,5 @@
 <script>
-import _ from 'underscore';
+import dompurify from 'dompurify';
 import DeprecatedModal from '~/vue_shared/components/deprecated_modal.vue';
 import { s__, sprintf } from '~/locale';
 
@@ -47,7 +47,7 @@ export default {
       return sprintf(
         this.deleteContributions ? deleteContributionsTitle : keepContributionsTitle,
         {
-          username: `'${_.escape(this.username)}'`,
+          username: `'${dompurify.sanitize(this.username)}'`,
         },
         false,
       );
@@ -67,7 +67,7 @@ export default {
       return sprintf(
         this.deleteContributions ? deleteContributionsText : keepContributionsText,
         {
-          username: `<strong>${_.escape(this.username)}</strong>`,
+          username: `<strong>${dompurify.sanitize(this.username)}</strong>`,
           strong_start: '<strong>',
           strong_end: '</strong>',
         },
@@ -78,7 +78,7 @@ export default {
       return sprintf(
         s__('AdminUsers|To confirm, type %{username}'),
         {
-          username: `<code>${_.escape(this.username)}</code>`,
+          username: `<code>${dompurify.sanitize(this.username)}</code>`,
         },
         false,
       );
diff --git a/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue b/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue
index e8b646f3f6e..7e636efb86f 100644
--- a/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue
+++ b/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue
@@ -1,5 +1,6 @@
 <script>
 import _ from 'underscore';
+import dompurify from 'dompurify';
 import axios from '~/lib/utils/axios_utils';
 import createFlash from '~/flash';
 import GlModal from '~/vue_shared/components/gl_modal.vue';
@@ -48,7 +49,7 @@ export default {
       const label = `<span
           class="label color-label"
           style="background-color: ${this.labelColor}; color: ${this.labelTextColor};"
-        >${_.escape(this.labelTitle)}</span>`;
+        >${dompurify.sanitize(this.labelTitle)}</span>`;
 
       return sprintf(
         s__('Labels|<span>Promote label</span> %{labelTitle} <span>to Group Label?</span>'),
author	Jose Vargas <jvargas@gitlab.com>	2018-11-01 00:43:43 +0300
committer	Jose Vargas <jvargas@gitlab.com>	2018-11-01 00:43:43 +0300
commit	846f43966e2f11b42ed029ade0ccd23c25f556d4 (patch)
tree	01805db87017bb5f56ac41444b8914b31d0d62bf
parent	908e7634cf5ba3c3608cc21d6934d0642f57ab5d (diff)