Escape html entities when no label found

author: Jarka Košanová <jarka@gitlab.com> 2018-12-12 21:28:31 +0300
committer: Jarka Košanová <jarka@gitlab.com> 2018-12-22 16:54:53 +0300
commit: a5843ecb4c6dd6e61efb21ed3b602a8a32981492 (patch)
tree: 372cbf32a5cc7af01a434f2bcb453fc9d7327cdd /lib
parent: d2120ff1e705799752e7d9704cae3f1896d8e186 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/banzai/filter/label_reference_filter.rb b/lib/banzai/filter/label_reference_filter.rb
index 04ec38209c7..f90a35952e5 100644
--- a/lib/banzai/filter/label_reference_filter.rb
+++ b/lib/banzai/filter/label_reference_filter.rb
@@ -29,7 +29,7 @@ module Banzai
           if label
             yield match, label.id, project, namespace, $~
           else
-            match
+            escape_html_entities(match)
           end
         end
       end
@@ -102,6 +102,10 @@ module Banzai
         CGI.unescapeHTML(text.to_s)
       end
 
+      def escape_html_entities(text)
+        CGI.escapeHTML(text.to_s)
+      end
+
       def object_link_title(object, matches)
         # use title of wrapped element instead
         nil
author	Jarka Košanová <jarka@gitlab.com>	2018-12-12 21:28:31 +0300
committer	Jarka Košanová <jarka@gitlab.com>	2018-12-22 16:54:53 +0300
commit	a5843ecb4c6dd6e61efb21ed3b602a8a32981492 (patch)
tree	372cbf32a5cc7af01a434f2bcb453fc9d7327cdd /lib
parent	d2120ff1e705799752e7d9704cae3f1896d8e186 (diff)