Merge branch 'rs-issue-21017' into 'master'

Update Hamlit to 2.6.1 Fixes gitlab-org/gitlab-ce#21025 and gitlab-org/gitlab-ce#21017 See merge request !5873 (cherry picked from commit e26ce27d)

Merge branch 'rs-issue-21017' into 'master'
Update Hamlit to 2.6.1 Fixes gitlab-org/gitlab-ce#21025 and gitlab-org/gitlab-ce#21017 See merge request !5873 (cherry picked from commit e26ce27d)
8b21b00f · Robert Speicher · Robert Speicher · ea71c20d · 8b21b00f · 8b21b00f
Commit 8b21b00f authored Aug 18, 2016 by Robert Speicher Committed by Robert Speicher Aug 19, 2016
4 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -76,7 +76,7 @@ gem 'rack-cors',    '~> 0.4.0', require: 'rack/cors'
 gem 'kaminari', '~> 0.17.0'

 # HAML
-gem 'hamlit', '~> 2.5'
+gem 'hamlit', '~> 2.6.1'

 # Files attachments
 gem 'carrierwave', '~> 0.10.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -317,7 +317,7 @@ GEM
    grape-entity (0.4.8)
      activesupport
      multi_json (>= 1.3.2)
-    hamlit (2.5.0)
+    hamlit (2.6.1)
      temple (~> 0.7.6)
      thor
      tilt
@@ -869,7 +869,7 @@ DEPENDENCIES
  gon (~> 6.0.1)
  grape (~> 0.13.0)
  grape-entity (~> 0.4.2)
-  hamlit (~> 2.5)
+  hamlit (~> 2.6.1)
  health_check (~> 2.1.0)
  hipchat (~> 1.5.0)
  html-pipeline (~> 1.11.0)

--- a/spec/helpers/page_layout_helper_spec.rb
+++ b/spec/helpers/page_layout_helper_spec.rb
@@ -97,5 +97,14 @@ describe PageLayoutHelper do
        expect(tags).to include %q(<meta property="twitter:data1" content="bar" />)
      end
    end
+
+    it 'escapes content' do
+      allow(helper).to receive(:page_card_attributes)
+        .and_return(foo: %q{foo" http-equiv="refresh}.html_safe)
+
+      tags = helper.page_card_meta_tags
+
+      expect(tags).to include(%q{content="foo&quot; http-equiv=&quot;refresh"})
+    end
  end
 end
--- a/spec/views/layouts/_head.html.haml_spec.rb
+++ b/spec/views/layouts/_head.html.haml_spec.rb
+require 'spec_helper'
+
+describe 'layouts/_head' do
+  before do
+    stub_template 'layouts/_user_styles.html.haml' => ''
+  end
+
+  it 'escapes HTML-safe strings in page_title' do
+    stub_helper_with_safe_string(:page_title)
+
+    render
+
+    expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+  end
+
+  it 'escapes HTML-safe strings in page_description' do
+    stub_helper_with_safe_string(:page_description)
+
+    render
+
+    expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+  end
+
+  it 'escapes HTML-safe strings in page_image' do
+    stub_helper_with_safe_string(:page_image)
+
+    render
+
+    expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+  end
+
+  def stub_helper_with_safe_string(method)
+    allow_any_instance_of(PageLayoutHelper).to receive(method)
+      .and_return(%q{foo" http-equiv="refresh}.html_safe)
+  end
+end