Merge branch 'security-mermaid-xss-11-5' into 'security-11-5'

[11.5] Fix XSS in mermaid diagrams See merge request gitlab/gitlabhq!2641
author: Steve Azzopardi <sazzopardi@gitlab.com> 2018-11-23 11:23:02 +0300
committer: Steve Azzopardi <sazzopardi@gitlab.com> 2018-11-23 11:23:02 +0300
commit: f29122ec6d762623436abe5dbf992c9d00a04899 (patch)
tree: 847793d81ee801f0e732baf5250a2301a39ab375 /changelogs
parent: b84707f5dd088ad49e6e85d1c956ec405969a53e (diff)
parent: ae34dd6eb7a77a4fe7f9c1aea414bf014747ba25 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-mermaid-xss.yml b/changelogs/unreleased/security-mermaid-xss.yml
new file mode 100644
index 00000000000..bcf93ef37ff
--- /dev/null
+++ b/changelogs/unreleased/security-mermaid-xss.yml
@@ -0,0 +1,5 @@
+---
+title: Configure mermaid to not render HTML content in diagrams
+merge_request:
+author:
+type: security
author	Steve Azzopardi <sazzopardi@gitlab.com>	2018-11-23 11:23:02 +0300
committer	Steve Azzopardi <sazzopardi@gitlab.com>	2018-11-23 11:23:02 +0300
commit	f29122ec6d762623436abe5dbf992c9d00a04899 (patch)
tree	847793d81ee801f0e732baf5250a2301a39ab375 /changelogs
parent	b84707f5dd088ad49e6e85d1c956ec405969a53e (diff)
parent	ae34dd6eb7a77a4fe7f9c1aea414bf014747ba25 (diff)