diff options
author | Yorick Peterse <yorick@yorickpeterse.com> | 2019-10-30 17:22:45 +0300 |
---|---|---|
committer | Yorick Peterse <yorick@yorickpeterse.com> | 2019-10-30 17:22:45 +0300 |
commit | ad8eea383406037a207c80421e6e4bfa357f8044 (patch) | |
tree | 396b89ad72b9d7e35fab26c6ee22c978a12defbb /app/assets | |
parent | 228d752ff09362002cc904d28edee7d63cc3cef2 (diff) | |
parent | b0f939a79fe16ff760d6e589c8f9cd71c0fa1da7 (diff) |
Merge dev.gitlab.org@master into GitLab.com@master
Diffstat (limited to 'app/assets')
-rw-r--r-- | app/assets/javascripts/project_find_file.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/assets/javascripts/project_find_file.js b/app/assets/javascripts/project_find_file.js index 2c375b39c1f..58f088444d0 100644 --- a/app/assets/javascripts/project_find_file.js +++ b/app/assets/javascripts/project_find_file.js @@ -5,6 +5,7 @@ import fuzzaldrinPlus from 'fuzzaldrin-plus'; import axios from '~/lib/utils/axios_utils'; import flash from '~/flash'; import { __ } from '~/locale'; +import sanitize from 'sanitize-html'; // highlight text(awefwbwgtc -> <b>a</b>wefw<b>b</b>wgt<b>c</b> ) const highlighter = function(element, text, matches) { @@ -74,7 +75,7 @@ export default class ProjectFindFile { findFile() { var result, searchText; - searchText = this.inputElement.val(); + searchText = sanitize(this.inputElement.val()); result = searchText.length > 0 ? fuzzaldrinPlus.filter(this.filePaths, searchText) : this.filePaths; return this.renderList(result, searchText); |