Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
bed60b8c
Commit
bed60b8c
authored
Feb 15, 2018
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Escape HTML entities in commit messages
parent
2b331369
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
12 additions
and
8 deletions
+12
-8
changelogs/unreleased/dm-escape-commit-message.yml
changelogs/unreleased/dm-escape-commit-message.yml
+5
-0
lib/banzai/filter/html_entity_filter.rb
lib/banzai/filter/html_entity_filter.rb
+1
-1
spec/helpers/events_helper_spec.rb
spec/helpers/events_helper_spec.rb
+4
-0
spec/lib/banzai/filter/html_entity_filter_spec.rb
spec/lib/banzai/filter/html_entity_filter_spec.rb
+2
-7
No files found.
changelogs/unreleased/dm-escape-commit-message.yml
0 → 100644
View file @
bed60b8c
---
title
:
Escape HTML entities in commit messages
merge_request
:
author
:
type
:
fixed
lib/banzai/filter/html_entity_filter.rb
View file @
bed60b8c
...
...
@@ -5,7 +5,7 @@ module Banzai
# Text filter that escapes these HTML entities: & " < >
class
HtmlEntityFilter
<
HTML
::
Pipeline
::
TextFilter
def
call
ERB
::
Util
.
html_escape
_once
(
text
)
ERB
::
Util
.
html_escape
(
text
)
end
end
end
...
...
spec/helpers/events_helper_spec.rb
View file @
bed60b8c
...
...
@@ -20,5 +20,9 @@ describe EventsHelper do
it
'handles nil values'
do
expect
(
helper
.
event_commit_title
(
nil
)).
to
eq
(
''
)
end
it
'does not escape HTML entities'
do
expect
(
helper
.
event_commit_title
(
"foo & bar"
)).
to
eq
(
"foo & bar"
)
end
end
end
spec/lib/banzai/filter/html_entity_filter_spec.rb
View file @
bed60b8c
...
...
@@ -3,17 +3,12 @@ require 'spec_helper'
describe
Banzai
::
Filter
::
HtmlEntityFilter
do
include
FilterSpecHelper
let
(
:unescaped
)
{
'foo <strike attr="foo">&&
&
</strike>'
}
let
(
:escaped
)
{
'foo <strike attr="foo">&&&</strike>'
}
let
(
:unescaped
)
{
'foo <strike attr="foo">&&
amp;
</strike>'
}
let
(
:escaped
)
{
'foo <strike attr="foo">&&
amp;
&</strike>'
}
it
'converts common entities to their HTML-escaped equivalents'
do
output
=
filter
(
unescaped
)
expect
(
output
).
to
eq
(
escaped
)
end
it
'does not double-escape'
do
escaped
=
ERB
::
Util
.
html_escape
(
"Merge branch 'blabla' into 'master'"
)
expect
(
filter
(
escaped
)).
to
eq
(
escaped
)
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment