Fix username escaping when clicking 'assign to me'
Add spec for assigning user with apostrophe in name
This commit is contained in:
parent
b64e261b87
commit
6c19900509
|
@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) {
|
|||
}
|
||||
|
||||
// Save current selected user to the DOM
|
||||
const input = document.createElement('input');
|
||||
input.type = 'hidden';
|
||||
input.name = $dropdown.data('fieldName');
|
||||
const currentUserInfo = $dropdown.data('currentUserInfo') || {};
|
||||
const currentUser = _this.currentUser || {};
|
||||
const fieldName = $dropdown.data('fieldName');
|
||||
const userName = currentUserInfo.name;
|
||||
const userId = currentUserInfo.id || currentUser.id;
|
||||
|
||||
const currentUserInfo = $dropdown.data('currentUserInfo');
|
||||
|
||||
if (currentUserInfo) {
|
||||
input.value = currentUserInfo.id;
|
||||
input.dataset.meta = _.escape(currentUserInfo.name);
|
||||
} else if (_this.currentUser) {
|
||||
input.value = _this.currentUser.id;
|
||||
}
|
||||
const inputHtmlString = _.template(`
|
||||
<input type="hidden" name="<%- fieldName %>"
|
||||
data-meta="<%- userName %>"
|
||||
value="<%- userId %>" />
|
||||
`)({ fieldName, userName, userId });
|
||||
|
||||
if ($selectbox) {
|
||||
$dropdown.parent().before(input);
|
||||
$dropdown.parent().before(inputHtmlString);
|
||||
} else {
|
||||
$dropdown.after(input);
|
||||
$dropdown.after(inputHtmlString);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Fix username escaping when using assign to me for issues
|
||||
merge_request: 24673
|
||||
author:
|
||||
type: fixed
|
|
@ -93,4 +93,22 @@ describe "User creates issue" do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
context "when signed in as user with special characters in their name" do
|
||||
let(:user_special) { create(:user, name: "Jon O'Shea") }
|
||||
|
||||
before do
|
||||
project.add_developer(user_special)
|
||||
sign_in(user_special)
|
||||
|
||||
visit(new_project_issue_path(project))
|
||||
end
|
||||
|
||||
it "will correctly escape user names with an apostrophe when clicking 'Assign to me'", :js do
|
||||
first('.assign-to-me-link').click
|
||||
|
||||
expect(page).to have_content(user_special.name)
|
||||
expect(page.find('input[name="issue[assignee_ids][]"]', visible: false)['data-meta']).to eq(user_special.name)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue