From 5e9fa5b2d8521c4318bd25ffa71e160e072b0c19 Mon Sep 17 00:00:00 2001
From: Paul Slaughter
Date: Tue, 26 Feb 2019 08:43:43 -0600
Subject: Fix XSS in resolve conflicts form
The issue arose when the branch name contained Vue template JavaScript. The fix is to use `v-pre` which disables Vue compilation in a template.
---
.../unreleased/security-56927-xss-resolve-conflicts-branch-name.yml | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
(limited to 'changelogs')
diff --git a/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
new file mode 100644
index 00000000000..f92d2c0dcb1
--- /dev/null
+++ b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
@@ -0,0 +1,5 @@
+---
+title: Fix XSS in resolve conflicts form
+merge_request:
+author:
+type: security
-- cgit v1.2.3