Fix HTML being rendered in mirror error message

In Rails 6, String manipulation methods are now HTML-safe aware. https://github.com/rails/rails/pull/33990 This means, when doing the `#insert` here it first escapes the HTML before inserting into the HTML-safe string

Fix HTML being rendered in mirror error message
In Rails 6, String manipulation methods are now HTML-safe aware. https://github.com/rails/rails/pull/33990 This means, when doing the `#insert` here it first escapes the HTML before inserting into the HTML-safe string
50510ade · Heinrich Lee Yu · 794e3ce7 · 50510ade · 50510ade
Commit 50510ade authored Feb 07, 2020 by Heinrich Lee Yu
Showing with 8 additions and 1 deletion

ee/app/helpers/ee/mirror_helper.rb ee/app/helpers/ee/mirror_helper.rb +1 -1

ee/spec/views/shared/_mirror_status.html.haml_spec.rb ee/spec/views/shared/_mirror_status.html.haml_spec.rb +7 -0

No files found.
--- a/ee/app/helpers/ee/mirror_helper.rb
+++ b/ee/app/helpers/ee/mirror_helper.rb
@@ -8,7 +8,7 @@ module EE

      return message if raw_message

-      message.insert(0, "#{icon('warning triangle')} ")
+      message = icon('warning triangle') + ' ' + message

      if can?(current_user, :admin_project, @project)
        link_to message, project_mirror_path(@project)

--- a/ee/spec/views/shared/_mirror_status.html.haml_spec.rb
+++ b/ee/spec/views/shared/_mirror_status.html.haml_spec.rb
@@ -42,6 +42,13 @@ describe 'shared/_mirror_status.html.haml' do
      expect(rendered).to have_content("The repository failed to update")
    end

+    it 'renders failure message with icon' do
+      render 'shared/mirror_status'
+
+      expect(rendered).to have_content('The repository failed to update')
+      expect(rendered).to have_css('i', class: 'fa-warning fa-triangle')
+    end
+
    context 'with a previous successful update' do
      it 'renders failure message' do
        @project.import_state.last_successful_update_at = Time.now - 1.minute