Merge branch 'security-fj-stored-xss-in-repository-imports-11-3' into 'security-11-3'

[11.3] Stored XSS in Gitlab Merge Request from imported repository See merge request gitlab/gitlabhq!2500
author: Bob Van Landuyt <bob@gitlab.com> 2018-09-25 12:33:16 +0300
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-09-25 12:37:16 +0300
commit: d3951d6944f83bd542538b0c14c9271bd0789b67 (patch)
tree: 27f9c8622081aeea4e82bc3f276c515c9c21da9e /lib
parent: 14e45a03a6c38960c1888dab12c6f040345e8bb5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/diff/highlight.rb b/lib/gitlab/diff/highlight.rb
index 1f012043e56..a605ddb5c33 100644
--- a/lib/gitlab/diff/highlight.rb
+++ b/lib/gitlab/diff/highlight.rb
@@ -24,7 +24,7 @@ module Gitlab
           # ignore highlighting for "match" lines
           next diff_line if diff_line.meta?
 
-          rich_line = highlight_line(diff_line) || diff_line.text
+          rich_line = highlight_line(diff_line) || ERB::Util.html_escape(diff_line.text)
 
           if line_inline_diffs = inline_diffs[i]
             begin
author	Bob Van Landuyt <bob@gitlab.com>	2018-09-25 12:33:16 +0300
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-09-25 12:37:16 +0300
commit	d3951d6944f83bd542538b0c14c9271bd0789b67 (patch)
tree	27f9c8622081aeea4e82bc3f276c515c9c21da9e /lib
parent	14e45a03a6c38960c1888dab12c6f040345e8bb5 (diff)