Render references for labels that name contains ?, or &

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-21 00:33:01 +0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-07-06 02:57:09 +0300
commit: ab811b6ab929d3f220e060c15c49bc075d91e5f2 (patch)
tree: bbe8091322f85e1bdc9c5a91597f4723edf4f51b /app
parent: e186626d25d5a24e2f2c5f0b5082b79bc8bd0ddf (diff)
3 files changed, 15 insertions, 15 deletions
diff --git a/app/assets/javascripts/gfm_auto_complete.js.coffee b/app/assets/javascripts/gfm_auto_complete.js.coffee
index b7d040bae85..4a851d9c9fb 100644
--- a/app/assets/javascripts/gfm_auto_complete.js.coffee
+++ b/app/assets/javascripts/gfm_auto_complete.js.coffee
@@ -190,7 +190,7 @@ GitLab.GfmAutoComplete =
       callbacks:
         beforeSave: (merges) ->
           sanitizeLabelTitle = (title)->
-            if /\w+\s+\w+/g.test(title)
+            if /[\w\?&]+\s+[\w\?&]+/g.test(title)
               "\"#{sanitize(title)}\""
             else
               sanitize(title)
diff --git a/app/helpers/labels_helper.rb b/app/helpers/labels_helper.rb
index 5e9f5837101..1f0d5d545c0 100644
--- a/app/helpers/labels_helper.rb
+++ b/app/helpers/labels_helper.rb
@@ -1,6 +1,12 @@
 module LabelsHelper
   include ActionView::Helpers::TagHelper
 
+  TABLE_FOR_ESCAPE_HTML_ENTITIES = {
+    '&' => '&amp;',
+    '<' => '&lt;',
+    '>' => '&gt;'
+  }
+
   # Link to a Label
   #
   # label   - Label object to link to
@@ -130,7 +136,11 @@ module LabelsHelper
     label.subscribed?(current_user) ? 'Unsubscribe' : 'Subscribe'
   end
 
+  def unescape_html_entities(value)
+    value.to_s.gsub(/(&gt;)|(&lt;)|(&amp;)/, TABLE_FOR_ESCAPE_HTML_ENTITIES.invert)
+  end
+
   # Required for Banzai::Filter::LabelReferenceFilter
   module_function :render_colored_label, :render_colored_cross_project_label,
-                  :text_color_for_bg, :escape_once
+                  :text_color_for_bg, :escape_once, :unescape_html_entities
 end
diff --git a/app/models/label.rb b/app/models/label.rb
index 115f38c6dfe..086007d1864 100644
--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -58,8 +58,8 @@ class Label < ActiveRecord::Base
       (?:
         (?<label_id>\d+) | # Integer-based label ID, or
         (?<label_name>
-          [A-Za-z0-9_-]+ | # String-based single-word label title, or
-          "[^&\?,]+"       # String-based multi-word label surrounded in quotes
+          [A-Za-z0-9_\-\?&]+ | # String-based single-word label title, or
+          "[^,]+"              # String-based multi-word label surrounded in quotes
         )
       )
     }x
@@ -134,16 +134,6 @@ class Label < ActiveRecord::Base
   end
 
   def sanitize_title(value)
-    unnescape_html_entities(Sanitize.clean(value.to_s))
+    LabelsHelper.unescape_html_entities(Sanitize.clean(value.to_s))
   end
-
-  def unnescape_html_entities(value)
-    value.to_s.gsub(/(&gt;)|(&lt;)|(&amp;)/, Label::TABLE_FOR_ESCAPE_HTML_ENTITIES.invert)
-  end
-
-  TABLE_FOR_ESCAPE_HTML_ENTITIES = {
-    '&' => '&amp;',
-    '<' => '&lt;',
-    '>' => '&gt;'
-  }
 end
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-21 00:33:01 +0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-07-06 02:57:09 +0300
commit	ab811b6ab929d3f220e060c15c49bc075d91e5f2 (patch)
tree	bbe8091322f85e1bdc9c5a91597f4723edf4f51b /app
parent	e186626d25d5a24e2f2c5f0b5082b79bc8bd0ddf (diff)