author | Thiago Presa <tpresa@gitlab.com> | 2018-10-23 05:21:37 +0300 |
---|---|---|
committer | Thiago Presa <tpresa@gitlab.com> | 2018-10-25 03:38:58 +0300 |
commit | 0bfcbc390f207fe4a4214334842fb80e0d963833 (patch) | |
tree | 483cf38846e0c49625c3d6fcd26ca9678865cddf /app | |
parent | 5bc0403f4516faff376b9d2de54ebb7cf2747aa1 (diff) |
Merge branch 'security-11-3-51527-xss-in-mr-source-branch' into 'security-11-3'
[11.3] Fix XSS in MR source branch name
See merge request gitlab/gitlabhq!2545
Diffstat (limited to 'app')
-rw-r--r-- | app/presenters/merge_request_presenter.rb | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/app/presenters/merge_request_presenter.rb b/app/presenters/merge_request_presenter.rb
index 8c4eac3c31d..800d0196729 100644
--- a/app/presenters/merge_request_presenter.rb
+++ b/app/presenters/merge_request_presenter.rb
@@ -108,16 +108,10 @@ class MergeRequestPresenter < Gitlab::View::Presenter::Delegated
 namespace = source_project_namespace
 branch = source_branch
- if source_branch_exists?
- namespace = link_to(namespace, project_path(source_project))
- branch = link_to(branch, project_tree_path(source_project, source_branch))
- end
+ namespace_link = source_branch_exists? ? link_to(namespace, project_path(source_project)) : ERB::Util.html_escape(namespace)
+ branch_link = source_branch_exists? ? link_to(branch, project_tree_path(source_project, source_branch)) : ERB::Util.html_escape(branch)
- if for_fork?
- namespace + ":" + branch
- else
- branch
- end
+ for_fork? ? "#{namespace_link}:#{branch_link}" : branch_link
 end
 def closing_issues_links |
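Review bot: In the `for_fork?` branch the interpolation `"#{namespace_link}:#{branch_link}"` yields a plain `String`, so the html_safe marking that the `link_to` and `ERB::Util.html_escape` results presumably carry under ActiveSupport is dropped, while the non-fork branch returns the marked value as is. Callers are not visible here, but a caller that must call `.html_safe` on this result is the same pattern that let an unescaped branch name through before, and a template that does not would double-escape the anchors. Keeping the buffer type, e.g. `for_fork? ? namespace_link + ':' + branch_link : branch_link`, makes both branches return the same kind of value. A comment such as `# Returns HTML; namespace and branch names are user-controlled and must stay escaped` above the method would record the contract; the enclosing method starts outside the hunk.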