
gitlab.com/gitlab-org/gitlab-foss.git
author: Bob Van Landuyt <bob@gitlab.com> 2018-09-25 12:33:16 +0300
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-09-25 12:37:16 +0300
commit: d3951d6944f83bd542538b0c14c9271bd0789b67
tree: 27f9c8622081aeea4e82bc3f276c515c9c21da9e /app
parent: 14e45a03a6c38960c1888dab12c6f040345e8bb5
Merge branch 'security-fj-stored-xss-in-repository-imports-11-3' into 'security-11-3'
[11.3] Stored XSS in Gitlab Merge Request from imported repository
See merge request gitlab/gitlabhq!2500
Diffstat (limited to 'app')
-rw-r--r-- app/serializers/diff_line_entity.rb | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/serializers/diff_line_entity.rb b/app/serializers/diff_line_entity.rb
index 2119a1017d3..942714b7787 100644
--- a/app/serializers/diff_line_entity.rb
+++ b/app/serializers/diff_line_entity.rb
@@ -9,6 +9,6 @@ class DiffLineEntity < Grape::Entity
expose :meta_positions, as: :meta_data
expose :rich_text do |line|
- line.rich_text || CGI.escapeHTML(line.text)
+ ERB::Util.html_escape(line.rich_text || line.text)
end
end
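Review bot: On the added line ERB::Util.html_escape(line.rich_text || line.text), whether rich_text is escaped now depends on its html_safe flag, and nothing in the hunk says so. Under ActiveSupport, ERB::Util.html_escape returns html_safe strings unchanged and escapes everything else, so highlighted markup survives only if it was marked html_safe upstream, and any code path that marks content from an imported repository as html_safe would pass through this call unescaped. Suggest a one-line comment above the call stating that assumption, plus a serializer spec asserting that a line whose rich_text is a plain String containing markup is exposed escaped (the diffstat shown is limited to app, so such a spec may exist outside this view).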