Merge branch 'fix-hamlit-xss-ee' into 'security-9-1-ee'

New Hamlit XSS fix, does not include extraneous changes See merge request !509

Merge branch 'fix-hamlit-xss-ee' into 'security-9-1-ee'
New Hamlit XSS fix, does not include extraneous changes See merge request !509
7f6cddc2 · Robert Speicher · Bob Van Landuyt · f695ef55 · 7f6cddc2 · 7f6cddc2
Commit 7f6cddc2 authored May 03, 2017 by Robert Speicher Committed by Bob Van Landuyt May 10, 2017
Showing with 7 additions and 2 deletions

app/views/projects/mirrors/_show.html.haml app/views/projects/mirrors/_show.html.haml +2 -2

changelogs/unreleased-ee/hamlit-xss-fix-ee.yml changelogs/unreleased-ee/hamlit-xss-fix-ee.yml +5 -0

No files found.
--- a/app/views/projects/mirrors/_show.html.haml
+++ b/app/views/projects/mirrors/_show.html.haml
@@ -22,7 +22,7 @@
          .panel-body
            %pre
              :preserve
-                #{@project.import_error.try(:strip)}
+                #{h(@project.import_error.try(:strip))}
      .form-group
        = f.check_box :mirror, class: "pull-left"
        .prepend-left-20
@@ -66,7 +66,7 @@
          .panel-body
            %pre
              :preserve
-                #{@remote_mirror.last_error.strip}
+                #{h(@remote_mirror.last_error.strip)}
      = f.fields_for :remote_mirrors, @remote_mirror do |rm_form|
        .form-group
          = rm_form.check_box :enabled, class: "pull-left"

--- a/changelogs/unreleased-ee/hamlit-xss-fix-ee.yml
+++ b/changelogs/unreleased-ee/hamlit-xss-fix-ee.yml
+---
+title: Fix for XSS in project mirror errors caused by Hamlit filter usage.
+merge_request:
+author:
+