Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 17:57:37 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 17:57:37 +0300
commit: 13f0d48172df4463fd4c2dbded7fdbbbfe88e0a9 (patch)
tree: ec69b0b3f5e070aff23f995b97512ed2657d1793 /lib/gitlab/static_site_editor
parent: 581d2902d00f62bb789ba56f80bbb750f989e6cf (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/gitlab/static_site_editor/config.rb b/lib/gitlab/static_site_editor/config.rb
index c931cdecbeb..65c567ec2a6 100644
--- a/lib/gitlab/static_site_editor/config.rb
+++ b/lib/gitlab/static_site_editor/config.rb
@@ -21,7 +21,7 @@ module Gitlab
           project_id: project.id,
           project: project.path,
           namespace: project.namespace.path,
-          return_url: return_url,
+          return_url: sanitize_url(return_url),
           is_supported_content: supported_content?.to_s,
           base_url: Gitlab::Routing.url_helpers.project_show_sse_path(project, full_path)
         }
@@ -52,6 +52,10 @@ module Gitlab
       def full_path
         "#{ref}/#{file_path}"
       end
+
+      def sanitize_url(url)
+        url if Gitlab::UrlSanitizer.valid_web?(url)
+      end
     end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 17:57:37 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 17:57:37 +0300
commit	13f0d48172df4463fd4c2dbded7fdbbbfe88e0a9 (patch)
tree	ec69b0b3f5e070aff23f995b97512ed2657d1793 /lib/gitlab/static_site_editor
parent	581d2902d00f62bb789ba56f80bbb750f989e6cf (diff)