Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/gitlab/dependency_linker
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-03-05 00:07:54 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-03-05 00:07:54 +0300
commit2fd92f2dc784ade9cb4e1c33dd60cbfad7b86818 (patch)
tree7779f36689db97a46e0268a4aec1d49f283eb0c8 /lib/gitlab/dependency_linker
parent42ca24aa5bbab7a2d43bc866d9bee9876941cea2 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/dependency_linker')
-rw-r--r--lib/gitlab/dependency_linker/base_linker.rb7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/gitlab/dependency_linker/base_linker.rb b/lib/gitlab/dependency_linker/base_linker.rb
index dd7ab92c6ae..a4e265eba88 100644
--- a/lib/gitlab/dependency_linker/base_linker.rb
+++ b/lib/gitlab/dependency_linker/base_linker.rb
@@ -7,6 +7,8 @@ module Gitlab
GIT_INVALID_URL_REGEX = /^git\+#{URL_REGEX}/.freeze
REPO_REGEX = %r{[^/'" ]+/[^/'" ]+}.freeze
+ include ActionView::Helpers::SanitizeHelper
+
class_attribute :file_type
def self.support?(blob_name)
@@ -62,7 +64,10 @@ module Gitlab
end
def link_tag(name, url)
- %{<a href="#{ERB::Util.html_escape_once(url)}" rel="nofollow noreferrer noopener" target="_blank">#{ERB::Util.html_escape_once(name)}</a>}.html_safe
+ sanitize(
+ %{<a href="#{ERB::Util.html_escape_once(url)}" rel="nofollow noreferrer noopener" target="_blank">#{ERB::Util.html_escape_once(name)}</a>},
+ attributes: %w[href rel target]
+ )
end
# Links package names based on regex.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 18:30:26 +0300