author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 17:57:37 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 17:57:37 +0300 |
commit | 13f0d48172df4463fd4c2dbded7fdbbbfe88e0a9 (patch) | |
tree | ec69b0b3f5e070aff23f995b97512ed2657d1793 /lib/gitlab/static_site_editor | |
parent | 581d2902d00f62bb789ba56f80bbb750f989e6cf (diff) |
Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee
Diffstat (limited to 'lib/gitlab/static_site_editor')
-rw-r--r-- | lib/gitlab/static_site_editor/config.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/gitlab/static_site_editor/config.rb b/lib/gitlab/static_site_editor/config.rb
index c931cdecbeb..65c567ec2a6 100644
--- a/lib/gitlab/static_site_editor/config.rb
+++ b/lib/gitlab/static_site_editor/config.rb
@@ -21,7 +21,7 @@ module Gitlab
 project_id: project.id,
 project: project.path,
 namespace: project.namespace.path,
- return_url: return_url,
+ return_url: sanitize_url(return_url),
 is_supported_content: supported_content?.to_s,
 base_url: Gitlab::Routing.url_helpers.project_show_sse_path(project, full_path)
 }
@@ -52,6 +52,10 @@ module Gitlab
 def full_path
 "#{ref}/#{file_path}"
 end
+
+ def sanitize_url(url)
+ url if Gitlab::UrlSanitizer.valid_web?(url)
+ end
 end
 end
 end |
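Review bot: The `return_url:` entry in this payload hash can now be `nil`, because `sanitize_url` returns nothing when the supplied URL is rejected, and nothing at the call site says so. Whatever consumes the payload has to treat a missing return URL as "no link" rather than render or follow an empty value; that consumer is not visible in this diff, so it is worth confirming. A one-line comment above the entry would record the contract: `# nil when the caller-supplied return_url is not a valid web URL`. The method that builds the hash starts outside the hunk.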
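Review bot: `sanitize_url` does not sanitize anything: it returns the URL unchanged when `Gitlab::UrlSanitizer.valid_web?` accepts it and `nil` otherwise, so the name and the absence of a comment hide the nil return. A comment such as `# Returns url unchanged if it is a valid web URL, otherwise nil.` would help, or a name that says the same. The definition of `valid_web?` is not in this diff; if it checks only the scheme and syntax, an absolute URL pointing at a different host still passes. Should the editor navigate to `return_url`, a same-host or relative-path restriction would be needed as well. The enclosing class starts outside the hunk.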