diff options
| author | Ezekiel Kigbo <ekigbo@gitlab.com> | 2019-03-04 14:37:14 +0300 |
|---|---|---|
| committer | Fatih Acet <acetfatih@gmail.com> | 2019-03-04 14:37:14 +0300 |
| commit | 6c19900509862d1dfb30e62ea37536adf764972e (patch) | |
| tree | 148cf5b5acb9b97deb00500290ba19694d026676 | |
| parent | b64e261b87860ac23a6e1b15434832b965efdc9e (diff) | |
Fix username escaping when clicking 'assign to me'
Add spec for assigning user with apostrophe in name
3 files changed, 36 insertions, 14 deletions
diff --git a/app/assets/javascripts/users_select.js b/app/assets/javascripts/users_select.js index 4017630d6ef..8c71615dff2 100644 --- a/app/assets/javascripts/users_select.js +++ b/app/assets/javascripts/users_select.js @@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) { } // Save current selected user to the DOM - const input = document.createElement('input'); - input.type = 'hidden'; - input.name = $dropdown.data('fieldName'); - - const currentUserInfo = $dropdown.data('currentUserInfo'); - - if (currentUserInfo) { - input.value = currentUserInfo.id; - input.dataset.meta = _.escape(currentUserInfo.name); - } else if (_this.currentUser) { - input.value = _this.currentUser.id; - } + const currentUserInfo = $dropdown.data('currentUserInfo') || {}; + const currentUser = _this.currentUser || {}; + const fieldName = $dropdown.data('fieldName'); + const userName = currentUserInfo.name; + const userId = currentUserInfo.id || currentUser.id; + + const inputHtmlString = _.template(` + <input type="hidden" name="<%- fieldName %>" + data-meta="<%- userName %>" + value="<%- userId %>" /> + `)({ fieldName, userName, userId }); if ($selectbox) { - $dropdown.parent().before(input); + $dropdown.parent().before(inputHtmlString); } else { - $dropdown.after(input); + $dropdown.after(inputHtmlString); } }; diff --git a/changelogs/unreleased/37673-minor-issue-with-apostrophe-single-quote-when-clicking-assign-to-me.yml b/changelogs/unreleased/37673-minor-issue-with-apostrophe-single-quote-when-clicking-assign-to-me.yml new file mode 100644 index 00000000000..a470f917d53 --- /dev/null +++ b/changelogs/unreleased/37673-minor-issue-with-apostrophe-single-quote-when-clicking-assign-to-me.yml @@ -0,0 +1,5 @@ +--- +title: Fix username escaping when using assign to me for issues +merge_request: 24673 +author: +type: fixed diff --git a/spec/features/issues/user_creates_issue_spec.rb b/spec/features/issues/user_creates_issue_spec.rb index e60486f6dcb..0f604db870f 100644 --- a/spec/features/issues/user_creates_issue_spec.rb +++ b/spec/features/issues/user_creates_issue_spec.rb @@ -93,4 +93,22 @@ describe "User creates issue" do end end end + + context "when signed in as user with special characters in their name" do + let(:user_special) { create(:user, name: "Jon O'Shea") } + + before do + project.add_developer(user_special) + sign_in(user_special) + + visit(new_project_issue_path(project)) + end + + it "will correctly escape user names with an apostrophe when clicking 'Assign to me'", :js do + first('.assign-to-me-link').click + + expect(page).to have_content(user_special.name) + expect(page.find('input[name="issue[assignee_ids][]"]', visible: false)['data-meta']).to eq(user_special.name) + end + end end |