diff options
| author | Phil Hughes <me@iamphill.com> | 2018-03-20 13:09:38 +0300 |
|---|---|---|
| committer | James Lopez <james@jameslopez.es> | 2018-04-05 09:39:44 +0300 |
| commit | 0498a5dd779250372aa12b4d6a0e53ef01d1b60b (patch) | |
| tree | 4ec740f14642b9be0fd7d00ee496dd9ffb513dc4 /app/assets/javascripts/milestone_select.js | |
| parent | 39bb3720381af64039673cf21705fcf95cf78314 (diff) | |
Merge branch 'fl-fix-milestone-bug-10-6' into 'security-10-6'
Escape miletone attribute when appending to the DOM
See merge request gitlab/gitlabhq!2359
Diffstat (limited to 'app/assets/javascripts/milestone_select.js')
| -rw-r--r-- | app/assets/javascripts/milestone_select.js | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/app/assets/javascripts/milestone_select.js b/app/assets/javascripts/milestone_select.js index add07c156a4..c749042a14a 100644 --- a/app/assets/javascripts/milestone_select.js +++ b/app/assets/javascripts/milestone_select.js @@ -94,10 +94,10 @@ export default class MilestoneSelect { if (showMenuAbove) { $dropdown.data('glDropdown').positionMenuAbove(); } - $(`[data-milestone-id="${selectedMilestone}"] > a`).addClass('is-active'); + $(`[data-milestone-id="${_.escape(selectedMilestone)}"] > a`).addClass('is-active'); }), renderRow: milestone => ` - <li data-milestone-id="${milestone.name}"> + <li data-milestone-id="${_.escape(milestone.name)}"> <a href='#' class='dropdown-menu-milestone-link'> ${_.escape(milestone.title)} </a> @@ -125,7 +125,6 @@ export default class MilestoneSelect { return milestone.id; } }, - isSelected: milestone => milestone.name === selectedMilestone, hidden: () => { $selectBox.hide(); // display:block overrides the hide-collapse rule @@ -137,7 +136,7 @@ export default class MilestoneSelect { selectedMilestone = $dropdown[0].dataset.selected || selectedMilestoneDefault; } $('a.is-active', $el).removeClass('is-active'); - $(`[data-milestone-id="${selectedMilestone}"] > a`, $el).addClass('is-active'); + $(`[data-milestone-id="${_.escape(selectedMilestone)}"] > a`, $el).addClass('is-active'); }, vue: $dropdown.hasClass('js-issue-board-sidebar'), clicked: (clickEvent) => { @@ -158,6 +157,7 @@ export default class MilestoneSelect { const isMRIndex = (page === page && page === 'projects:merge_requests:index'); const isSelecting = (selected.name !== selectedMilestone); selectedMilestone = isSelecting ? selected.name : selectedMilestoneDefault; + if ($dropdown.hasClass('js-filter-bulk-update') || $dropdown.hasClass('js-issuable-form-dropdown')) { e.preventDefault(); return; |