Commit 5bf22606 authored by Douwe Maan's avatar Douwe Maan

Fix XSS issue by not using URI.join

parent 27f2ca94
...@@ -185,8 +185,7 @@ class Environment < ActiveRecord::Base ...@@ -185,8 +185,7 @@ class Environment < ActiveRecord::Base
public_path = project.public_path_for_source_path(path, commit_sha) public_path = project.public_path_for_source_path(path, commit_sha)
return unless public_path return unless public_path
# TODO: Verify this can't be used for XSS [external_url, public_path].join('/')
URI.join(external_url, public_path).to_s
end end
private private
......
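Review bot: The new `[external_url, public_path].join('/')` line replaces the removed TODO without a comment recording why plain concatenation is the safe form here, so a later cleanup could quietly reintroduce `URI.join`. I would add `# Not URI.join: a public_path that parses as an absolute URI would replace external_url entirely` directly above it. The result is still only as trustworthy as `external_url`, and its validation is not visible on this page, so confirm that it is restricted to http/https before the value is rendered as a link. As a minor point, a trailing slash on `external_url` or a leading one on `public_path` now yields `//` in the result, which `[external_url.chomp('/'), public_path.sub(%r{\A/}, '')].join('/')` would avoid. The method's signature lies above the hunk, so this is based only on the visible tail of the body.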