author | Ezekiel Kigbo <ekigbo@gitlab.com> | 2019-03-04 14:37:14 +0300 |
---|---|---|
committer | Fatih Acet <acetfatih@gmail.com> | 2019-03-04 14:37:14 +0300 |
commit | 6c19900509862d1dfb30e62ea37536adf764972e (patch) | |
tree | 148cf5b5acb9b97deb00500290ba19694d026676 /app | |
parent | b64e261b87860ac23a6e1b15434832b965efdc9e (diff) |
Fix username escaping when clicking 'assign to me'
Add spec for assigning user with apostrophe in name
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/users_select.js | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/app/assets/javascripts/users_select.js b/app/assets/javascripts/users_select.js
index 4017630d6ef..8c71615dff2 100644
--- a/app/assets/javascripts/users_select.js
+++ b/app/assets/javascripts/users_select.js
@@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) {
 }
 // Save current selected user to the DOM
- const input = document.createElement('input');
- input.type = 'hidden';
- input.name = $dropdown.data('fieldName');
-
- const currentUserInfo = $dropdown.data('currentUserInfo');
-
- if (currentUserInfo) {
- input.value = currentUserInfo.id;
- input.dataset.meta = _.escape(currentUserInfo.name);
- } else if (_this.currentUser) {
- input.value = _this.currentUser.id;
- }
+ const currentUserInfo = $dropdown.data('currentUserInfo') || {};
+ const currentUser = _this.currentUser || {};
+ const fieldName = $dropdown.data('fieldName');
+ const userName = currentUserInfo.name;
+ const userId = currentUserInfo.id || currentUser.id;
+
+ const inputHtmlString = _.template(`
+ <input type="hidden" name="<%- fieldName %>"
+ data-meta="<%- userName %>"
+ value="<%- userId %>" />
+ `)({ fieldName, userName, userId });
 if ($selectbox) {
- $dropdown.parent().before(input);
+ $dropdown.parent().before(inputHtmlString);
 } else {
- $dropdown.after(input);
+ $dropdown.after(inputHtmlString);
 }
 }; |
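Review bot: Building the hidden input as an HTML string means the safety of `name`, `data-meta` and `value` now depends on every interpolation using `<%-` and on the attributes staying double-quoted. Keeping `document.createElement('input')` and only dropping the `_.escape` call, `input.dataset.meta = currentUserInfo.name;`, would presumably fix the double-escaping without parsing any user-controlled text as HTML. In either form `data-meta` yields the raw, unescaped name when read back, so any code that later renders it (not visible in this hunk) has to insert it as text or escape it at that point. The new code also emits `data-meta=""` when `currentUserInfo` is absent, and `currentUserInfo.id || currentUser.id` can pair one user's name with the other's id when `currentUserInfo.id` is falsy. The enclosing function starts and ends outside the hunk.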