Merge branch 'fl-fix-milestone-bug-10-6' into 'security-10-6'
Escape milestone attribute when appending to the DOM. See merge request gitlab/gitlabhq!2359
This commit is contained in:
parent
39bb372038
commit
0498a5dd77
2 changed files with 21 additions and 4 deletions
@ -94,10 +94,10 @@ export default class MilestoneSelect {
|
|||
if (showMenuAbove) {
|
||||
$dropdown.data('glDropdown').positionMenuAbove();
|
||||
}
|
||||
$(`[data-milestone-id="${selectedMilestone}"] > a`).addClass('is-active');
|
||||
$(`[data-milestone-id="${_.escape(selectedMilestone)}"] > a`).addClass('is-active');
|
||||
}),
|
||||
renderRow: milestone => `
|
||||
<li data-milestone-id="${milestone.name}">
|
||||
<li data-milestone-id="${_.escape(milestone.name)}">
|
||||
<a href='#' class='dropdown-menu-milestone-link'>
|
||||
${_.escape(milestone.title)}
|
||||
</a>
|
||||
|
@ -125,7 +125,6 @@ export default class MilestoneSelect {
|
|||
return milestone.id;
|
||||
}
|
||||
},
|
||||
isSelected: milestone => milestone.name === selectedMilestone,
|
||||
hidden: () => {
|
||||
$selectBox.hide();
|
||||
// display:block overrides the hide-collapse rule
|
||||
|
@ -137,7 +136,7 @@ export default class MilestoneSelect {
|
|||
selectedMilestone = $dropdown[0].dataset.selected || selectedMilestoneDefault;
|
||||
}
|
||||
$('a.is-active', $el).removeClass('is-active');
|
||||
$(`[data-milestone-id="${selectedMilestone}"] > a`, $el).addClass('is-active');
|
||||
$(`[data-milestone-id="${_.escape(selectedMilestone)}"] > a`, $el).addClass('is-active');
|
||||
},
|
||||
vue: $dropdown.hasClass('js-issue-board-sidebar'),
|
||||
clicked: (clickEvent) => {
|
||||
|
@ -158,6 +157,7 @@ export default class MilestoneSelect {
|
|||
const isMRIndex = (page === page && page === 'projects:merge_requests:index');
|
||||
const isSelecting = (selected.name !== selectedMilestone);
|
||||
selectedMilestone = isSelecting ? selected.name : selectedMilestoneDefault;
|
||||
|
||||
if ($dropdown.hasClass('js-filter-bulk-update') || $dropdown.hasClass('js-issuable-form-dropdown')) {
|
||||
e.preventDefault();
|
||||
return;
|
||||
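Review bot: `_.escape` is an HTML escape, not a CSS-selector escape, so the two `is-active` lookups (`[data-milestone-id="${_.escape(selectedMilestone)}"] > a`, with and without `$el`) will no longer match any milestone whose name contains `&`, `<`, `>`, `"` or `'`: the browser entity-decodes the attribute written by `renderRow`, so the DOM holds the raw name while the selector now carries `&quot;`/`&amp;` forms. The rendering change in `renderRow` is the right one; the highlight would be safer matched on the decoded DOM value instead of a built selector, e.g. `$('[data-milestone-id]', $el).filter((i, el) => el.dataset.milestoneId === selectedMilestone).children('a').addClass('is-active');` (the first occurrence has no `$el` in scope and would drop that argument), or `CSS.escape(selectedMilestone)` where that API is available to the supported browsers. As far as I can see the added spec does not assert the `is-active` class, so this regression would not be caught by it. The callbacks these lines sit in (`shown`/`hidden` by appearance) start outside the hunks.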
@ -226,6 +226,23 @@ describe 'New/edit issue', :js do
|
|||
|
||||
expect(page).to have_selector('.atwho-view')
|
||||
end
|
||||
|
||||
describe 'milestone' do
|
||||
let!(:milestone) { create(:milestone, title: '"><img src=x onerror=alert(document.domain)>', project: project) }
|
||||
|
||||
it 'escapes milestone' do
|
||||
click_button 'Milestone'
|
||||
|
||||
page.within '.issue-milestone' do
|
||||
click_link milestone.title
|
||||
end
|
||||
|
||||
page.within '.js-milestone-select' do
|
||||
expect(page).to have_content milestone.title
|
||||
expect(page).not_to have_selector 'img'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'edit issue' do
|
||||
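Review bot: The new `'escapes milestone'` example checks that no `img` is injected and that the title text is shown, but not that the chosen entry is actually marked selected, which is the code path the JS side also changed (the `is-active` selector built from the milestone name). If the dropdown marks the chosen row with `is-active` as the JS suggests, adding `expect(page).to have_css('a.is-active', text: milestone.title)` inside the `.js-milestone-select` block would pin both halves of the fix. The payload exercises `"`, `<` and `>` only; a title that also contains `&` and `'` would cover the remaining characters `_.escape` rewrites. The spec appears to rely on `milestone.name` matching `milestone.title` for the `data-milestone-id` attribute — worth confirming against the model.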