From 4012c695cb17f77f3fc928e9eef5c2fd679defc1 Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Mon, 17 Oct 2016 11:07:44 +0100
Subject: Stop event_commit_title from escaping its output

Return a non-html-safe, unescaped String instead of ActiveSupport::SafeBuffer
to preserve safety when the output is misused. Currently there's oly one user,
which does the right thing.

Closes #23311
---
 app/helpers/events_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/helpers/events_helper.rb')

diff --git a/app/helpers/events_helper.rb b/app/helpers/events_helper.rb
index bfedcb1c42b..f8ded05c31a 100644
--- a/app/helpers/events_helper.rb
+++ b/app/helpers/events_helper.rb
@@ -154,7 +154,7 @@ module EventsHelper
   end
 
   def event_commit_title(message)
-    escape_once(truncate(message.split("\n").first, length: 70))
+    (message.split("\n").first || "").truncate(70)
   rescue
     "--broken encoding"
   end
-- 
cgit v1.2.3