diff options
author | Jose Vargas <jvargas@gitlab.com> | 2018-11-01 00:43:43 +0300 |
---|---|---|
committer | Jose Vargas <jvargas@gitlab.com> | 2018-11-01 00:43:43 +0300 |
commit | 846f43966e2f11b42ed029ade0ccd23c25f556d4 (patch) | |
tree | 01805db87017bb5f56ac41444b8914b31d0d62bf | |
parent | 908e7634cf5ba3c3608cc21d6934d0642f57ab5d (diff) |
Replace the remaining modal occurences
3 files changed, 10 insertions, 8 deletions
diff --git a/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue b/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue index 3c383735f4a..97b13ad5109 100644 --- a/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue +++ b/app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue @@ -1,5 +1,6 @@ <script> import _ from 'underscore'; +import dompurify from 'dompurify'; import DeprecatedModal from '~/vue_shared/components/deprecated_modal.vue'; import { s__, sprintf } from '~/locale'; @@ -34,7 +35,7 @@ export default { return sprintf( s__('AdminProjects|Delete Project %{projectName}?'), { - projectName: `'${_.escape(this.projectName)}'`, + projectName: `'${dompurify.sanitize(this.projectName)}'`, }, false, ); @@ -46,7 +47,7 @@ export default { and all related resources including issues, merge requests, etc.. Once you confirm and press %{strong_start}Delete project%{strong_end}, it cannot be undone or recovered.`), { - projectName: `<strong>${_.escape(this.projectName)}</strong>`, + projectName: `<strong>${dompurify.sanitize(this.projectName)}</strong>`, strong_start: '<strong>', strong_end: '</strong>', }, @@ -57,7 +58,7 @@ export default { return sprintf( s__('AdminUsers|To confirm, type %{projectName}'), { - projectName: `<code>${_.escape(this.projectName)}</code>`, + projectName: `<code>${dompurify.sanitize(this.projectName)}</code>`, }, false, ); diff --git a/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue b/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue index 4b33fcc759a..b72cfa81d03 100644 --- a/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue +++ b/app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue @@ -1,5 +1,5 @@ <script> -import _ from 'underscore'; +import dompurify from 'dompurify'; import DeprecatedModal from '~/vue_shared/components/deprecated_modal.vue'; import { s__, sprintf } from '~/locale'; @@ -47,7 +47,7 @@ export default { return sprintf( this.deleteContributions ? deleteContributionsTitle : keepContributionsTitle, { - username: `'${_.escape(this.username)}'`, + username: `'${dompurify.sanitize(this.username)}'`, }, false, ); @@ -67,7 +67,7 @@ export default { return sprintf( this.deleteContributions ? deleteContributionsText : keepContributionsText, { - username: `<strong>${_.escape(this.username)}</strong>`, + username: `<strong>${dompurify.sanitize(this.username)}</strong>`, strong_start: '<strong>', strong_end: '</strong>', }, @@ -78,7 +78,7 @@ export default { return sprintf( s__('AdminUsers|To confirm, type %{username}'), { - username: `<code>${_.escape(this.username)}</code>`, + username: `<code>${dompurify.sanitize(this.username)}</code>`, }, false, ); diff --git a/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue b/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue index e8b646f3f6e..7e636efb86f 100644 --- a/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue +++ b/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue @@ -1,5 +1,6 @@ <script> import _ from 'underscore'; +import dompurify from 'dompurify'; import axios from '~/lib/utils/axios_utils'; import createFlash from '~/flash'; import GlModal from '~/vue_shared/components/gl_modal.vue'; @@ -48,7 +49,7 @@ export default { const label = `<span class="label color-label" style="background-color: ${this.labelColor}; color: ${this.labelTextColor};" - >${_.escape(this.labelTitle)}</span>`; + >${dompurify.sanitize(this.labelTitle)}</span>`; return sprintf( s__('Labels|<span>Promote label</span> %{labelTitle} <span>to Group Label?</span>'), |