Merge branch 'issue_15434' into 'master'

Fixes XSS injection REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434 **Without the fix** ![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif) **With the fix** ![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif) See merge request !1952

Merge branch 'issue_15434' into 'master'
Fixes XSS injection REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434 **Without the fix** ![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif) **With the fix** ![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif) See merge request !1952
5c7de435 · Jacob Schatz · Robert Speicher · e76a2a2e · 5c7de435 · 5c7de435
Commit 5c7de435 authored Apr 21, 2016 by Jacob Schatz Committed by Robert Speicher Apr 25, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

app/assets/javascripts/commits.js.coffee app/assets/javascripts/commits.js.coffee +1 -1

app/views/projects/commits/show.html.haml app/views/projects/commits/show.html.haml +1 -1

No files found.
--- a/app/assets/javascripts/commits.js.coffee
+++ b/app/assets/javascripts/commits.js.coffee
 class @CommitsList
  @timer = null
-  @init: (ref, limit) ->
+  @init: (limit) ->
    $("body").on "click", ".day-commits-table li.commit", (event) ->
      if event.target.nodeName != "A"
        location.href = $(this).attr("url")

--- a/app/views/projects/commits/show.html.haml
+++ b/app/views/projects/commits/show.html.haml
@@ -39,4 +39,4 @@
 = spinner
 :javascript
-  CommitsList.init("#{@ref}", #{@limit});
+  CommitsList.init(#{@limit});