Diffstat (limited to 'app/services/concerns/protected_ref_name_sanitizer.rb')
-rw-r--r-- | app/services/concerns/protected_ref_name_sanitizer.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/app/services/concerns/protected_ref_name_sanitizer.rb b/app/services/concerns/protected_ref_name_sanitizer.rb
new file mode 100644
index 00000000000..3966c410fec
--- /dev/null
+++ b/app/services/concerns/protected_ref_name_sanitizer.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module ProtectedRefNameSanitizer
+ def sanitize_name(name)
+ name = CGI.unescapeHTML(name)
+ name = Sanitize.fragment(name)
+
+ # Sanitize.fragment escapes HTML chars, so unescape again to allow names
+ # like `feature->master`
+ CGI.unescapeHTML(name)
+ end
+end |
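Review bot: The final `CGI.unescapeHTML(name)` in `sanitize_name` runs after `Sanitize.fragment`, so the returned string is plain text that can still contain literal `<`, `>` and `&`. A name that arrives entity-encoded more than once passes the sanitizer as text and is only decoded into markup characters by that last call. The method therefore does not make the value HTML-safe, and nothing in the file says so. I would document the contract above the method, e.g. `# Returns plain text, NOT HTML-safe: callers must escape the result when rendering it.` Whether every caller and view escapes the name on output is not visible in this diff and should be confirmed. Separately, a `nil` name raises inside `CGI.unescapeHTML`; an early `return name if name.nil?` would hand that case to the model's presence validation, presumably defined elsewhere.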