Commit 52c5d9a6 authored by Fatih Acet's avatar Fatih Acet

Merge branch...

Merge branch '37673-minor-issue-with-apostrophe-single-quote-when-clicking-assign-to-me' into 'master'

Fix escape name in assignYourself

Closes #37673

See merge request gitlab-org/gitlab-ce!24673
parents b64e261b 6c199005
...@@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) { ...@@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) {
} }
// Save current selected user to the DOM // Save current selected user to the DOM
const input = document.createElement('input'); const currentUserInfo = $dropdown.data('currentUserInfo') || {};
input.type = 'hidden'; const currentUser = _this.currentUser || {};
input.name = $dropdown.data('fieldName'); const fieldName = $dropdown.data('fieldName');
const userName = currentUserInfo.name;
const currentUserInfo = $dropdown.data('currentUserInfo'); const userId = currentUserInfo.id || currentUser.id;
if (currentUserInfo) { const inputHtmlString = _.template(`
input.value = currentUserInfo.id; <input type="hidden" name="<%- fieldName %>"
input.dataset.meta = _.escape(currentUserInfo.name); data-meta="<%- userName %>"
} else if (_this.currentUser) { value="<%- userId %>" />
input.value = _this.currentUser.id; `)({ fieldName, userName, userId });
}
if ($selectbox) { if ($selectbox) {
$dropdown.parent().before(input); $dropdown.parent().before(inputHtmlString);
} else { } else {
$dropdown.after(input); $dropdown.after(inputHtmlString);
} }
}; };
......
---
title: Fix username escaping when using assign to me for issues
merge_request: 24673
author:
type: fixed
...@@ -93,4 +93,22 @@ describe "User creates issue" do ...@@ -93,4 +93,22 @@ describe "User creates issue" do
end end
end end
end end
context "when signed in as user with special characters in their name" do
let(:user_special) { create(:user, name: "Jon O'Shea") }
before do
project.add_developer(user_special)
sign_in(user_special)
visit(new_project_issue_path(project))
end
it "will correctly escape user names with an apostrophe when clicking 'Assign to me'", :js do
first('.assign-to-me-link').click
expect(page).to have_content(user_special.name)
expect(page.find('input[name="issue[assignee_ids][]"]', visible: false)['data-meta']).to eq(user_special.name)
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment