Escape text passed directly to gfm

ba72c6f6 · Robert Speicher · 496f88af · ba72c6f6 · ba72c6f6 · ba72c6f6
Commit ba72c6f6 authored Sep 19, 2012 by Robert Speicher
7 changed files
--- a/app/views/events/_commit.html.haml
+++ b/app/views/events/_commit.html.haml
@@ -5,4 +5,4 @@
    %strong.cdark= commit.author_name
    &ndash;
    = image_tag gravatar_icon(commit.author_email), class: "avatar", width: 16
-    = gfm truncate(commit.title, length: 50) rescue "--broken encoding"
+    = gfm escape_once(truncate(commit.title, length: 50)) rescue "--broken encoding"
--- a/app/views/issues/show.html.haml
+++ b/app/views/issues/show.html.haml
@@ -31,7 +31,7 @@
        .alert-message.error.status_info Closed
      - else
        .alert-message.success.status_info Open
-      = gfm @issue.title
+      = gfm escape_once(@issue.title)
  .middle_box_content
    %cite.cgray Created by

--- a/app/views/merge_requests/show/_mr_box.html.haml
+++ b/app/views/merge_requests/show/_mr_box.html.haml
@@ -5,7 +5,7 @@
        .alert-message.error.status_info Closed
      - else
        .alert-message.success.status_info Open
-      = gfm @merge_request.title
+      = gfm escape_once(@merge_request.title)
  .middle_box_content
    %div

--- a/app/views/milestones/show.html.haml
+++ b/app/views/milestones/show.html.haml
@@ -21,7 +21,7 @@
        .alert-message.error.status_info Closed
      - else
        .alert-message.success.status_info Open
-      = gfm @milestone.title
+      = gfm escape_once(@milestone.title)
      %small.right= @milestone.expires_at
  .middle_box_content

--- a/app/views/repositories/_branch.html.haml
+++ b/app/views/repositories/_branch.html.haml
@@ -11,7 +11,7 @@
      %code= commit.short_id
    = image_tag gravatar_icon(commit.author_email), class: "", width: 16
-    = gfm truncate(commit.title, length: 40)
+    = gfm escape_once(truncate(commit.title, length: 40))
    %span.update-author.right
      = time_ago_in_words(commit.committed_date)
      ago

--- a/app/views/repositories/_feed.html.haml
+++ b/app/views/repositories/_feed.html.haml
@@ -13,7 +13,7 @@
      = link_to project_commits_path(@project, commit.id) do
        %code= commit.short_id
      = image_tag gravatar_icon(commit.author_email), class: "", width: 16
-      = gfm truncate(commit.title, length: 40)
+      = gfm escape_once(truncate(commit.title, length: 40))
  %td
    %span.right.cgray
      = time_ago_in_words(commit.committed_date)

--- a/app/views/repositories/tags.html.haml
+++ b/app/views/repositories/tags.html.haml
@@ -17,7 +17,7 @@
          = link_to project_commit_path(@project, commit.id) do
            %code= commit.short_id
          = image_tag gravatar_icon(commit.author_email), class: "", width: 16
-          = gfm truncate(commit.title, length: 40)
+          = gfm escape_once(truncate(commit.title, length: 40))
        %td
          %span.update-author.right
            = time_ago_in_words(commit.committed_date)