diff options
| author | Fatih Acet <acetfatih@gmail.com> | 2016-08-31 23:15:47 +0300 |
|---|---|---|
| committer | Ruben Davila <rdavila84@gmail.com> | 2016-08-31 23:19:21 +0300 |
| commit | e609bf335e8a03a1ba99baa27e9256194f60f5c2 (patch) | |
| tree | a8270581fcdd3e53542555c6972c68ce887e6a36 /app | |
| parent | 978a5a6ea0f730a2193d8dd88222802fccf7a36d (diff) | |
Merge branch 'label-dropdown-encode' into 'master'
Fixed escaping issue with labels filter
## What does this MR do?
Encodes label names to stop any JS errors.
## What are the relevant issue numbers?
Closes #15552
See merge request !6123
Diffstat (limited to 'app')
| -rw-r--r-- | app/assets/javascripts/gl_dropdown.js | 2 | ||||
| -rw-r--r-- | app/assets/javascripts/labels_select.js | 2 | ||||
| -rw-r--r-- | app/views/shared/issuable/_label_dropdown.html.haml | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js index 5a2a8523d9f..77b2082cba0 100644 --- a/app/assets/javascripts/gl_dropdown.js +++ b/app/assets/javascripts/gl_dropdown.js @@ -556,7 +556,7 @@ if (isInput) { field = $(this.el); } else { - field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + value + "']"); + field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + escape(value) + "']"); } if (el.hasClass(ACTIVE_CLASS)) { el.removeClass(ACTIVE_CLASS); diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js index 565dbeacdb3..bab23ff5ac0 100644 --- a/app/assets/javascripts/labels_select.js +++ b/app/assets/javascripts/labels_select.js @@ -164,7 +164,7 @@ instance.addInput(this.fieldName, label.id); } } - if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + (this.id(label)) + "']").length) { + if ($form.find("input[type='hidden'][name='" + ($dropdown.data('fieldName')) + "'][value='" + escape(this.id(label)) + "']").length) { selectedClass.push('is-active'); } if ($dropdown.hasClass('js-multiselect') && removesAll) { diff --git a/app/views/shared/issuable/_label_dropdown.html.haml b/app/views/shared/issuable/_label_dropdown.html.haml index d34d28f6736..24a1a616919 100644 --- a/app/views/shared/issuable/_label_dropdown.html.haml +++ b/app/views/shared/issuable/_label_dropdown.html.haml @@ -12,7 +12,7 @@ - if params[:label_name].present? - if params[:label_name].respond_to?('any?') - params[:label_name].each do |label| - = hidden_field_tag "label_name[]", label, id: nil + = hidden_field_tag "label_name[]", u(label), id: nil .dropdown %button.dropdown-menu-toggle.js-label-select.js-multiselect{class: classes.join(' '), type: "button", data: dropdown_data} %span.dropdown-toggle-text |