diff options
author | Robert Speicher <robert@gitlab.com> | 2017-12-22 18:05:19 +0300 |
---|---|---|
committer | Tiago Botelho <tiago@gitlab.com> | 2018-01-08 16:37:23 +0300 |
commit | ffccf4a5e2d809a38299f33e7148a26bef56ab48 (patch) | |
tree | 71eb33a9e26781bba6eefdcb00b03d08087cf7b7 /lib | |
parent | 3a163509588d83748c4333ad7a74ac077da4c953 (diff) |
Merge branch 'ac/41346-xss-ci-job-output-backport-10-1' into 'security-10-1'
[10.1] Fix XSS vulnerability in Pipeline job trace - back port 10.1
See merge request gitlab/gitlabhq!2261
(cherry picked from commit ddb49b9053a31db0dfb93e02be1975549f991695)
dc3d4676 Fix XSS vulnerability in Pipeline job trace
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/regex.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb index bd677ec4bf3..439c740fc0c 100644 --- a/lib/gitlab/regex.rb +++ b/lib/gitlab/regex.rb @@ -67,7 +67,7 @@ module Gitlab end def build_trace_section_regex - @build_trace_section_regexp ||= /section_((?:start)|(?:end)):(\d+):([^\r]+)\r\033\[0K/.freeze + @build_trace_section_regexp ||= /section_((?:start)|(?:end)):(\d+):([a-zA-Z0-9_.-]+)\r\033\[0K/.freeze end end end |