Merge branch 'branch-name-escape' into 'security'

Fix XSS in branches dropdown See merge request !2093
author: Robert Speicher <robert@gitlab.com> 2017-05-03 17:28:46 +0300
committer: Lin Jen-Shin <godfat@godfat.org> 2017-05-04 18:13:56 +0300
commit: 3bc03e3edcd20fd7ba2233cda24a354bbf2f8520 (patch)
tree: a56944807cb47602519f752620ab11ab8c23807d /app
parent: fa2ec0c34255889406a610ba206ff1b897618153 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js
index 9e6ed06054b..4d108631ea8 100644
--- a/app/assets/javascripts/gl_dropdown.js
+++ b/app/assets/javascripts/gl_dropdown.js
@@ -585,7 +585,7 @@
         var link = document.createElement('a');
 
         link.href = url;
-        link.innerHTML = text;
+        link.textContent = text;
 
         if (selected) {
           link.className = 'is-active';
author	Robert Speicher <robert@gitlab.com>	2017-05-03 17:28:46 +0300
committer	Lin Jen-Shin <godfat@godfat.org>	2017-05-04 18:13:56 +0300
commit	3bc03e3edcd20fd7ba2233cda24a354bbf2f8520 (patch)
tree	a56944807cb47602519f752620ab11ab8c23807d /app
parent	fa2ec0c34255889406a610ba206ff1b897618153 (diff)