Allowing ">" to be used in a Milestone model's title and storing the value in the database unescaped.
Updating test value for milestone title Adding API test for title with reserved HTML characters. Updating changelog Adding the MR number for fixing bug #22452. removing duplicate line Updating MR number.
This commit is contained in:
parent
80fef70bb7
commit
82b13a21a6
4 changed files with 16 additions and 3 deletions
|
@ -20,6 +20,7 @@ v 8.13.0 (unreleased)
|
||||||
- Optimize GitHub importing for speed and memory
|
- Optimize GitHub importing for speed and memory
|
||||||
- API: expose pipeline data in builds API (!6502, Guilherme Salazar)
|
- API: expose pipeline data in builds API (!6502, Guilherme Salazar)
|
||||||
- Fix broken repository 500 errors in project list
|
- Fix broken repository 500 errors in project list
|
||||||
|
- Fix unnecessary escaping of reserved HTML characters in milestone title. !6533
|
||||||
|
|
||||||
v 8.12.4 (unreleased)
|
v 8.12.4 (unreleased)
|
||||||
|
|
||||||
|
|
|
@ -158,7 +158,7 @@ class Milestone < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def title=(value)
|
def title=(value)
|
||||||
write_attribute(:title, Sanitize.clean(value.to_s)) if value.present?
|
write_attribute(:title, sanitize_title(value)) if value.present?
|
||||||
end
|
end
|
||||||
|
|
||||||
# Sorts the issues for the given IDs.
|
# Sorts the issues for the given IDs.
|
||||||
|
@ -204,4 +204,8 @@ class Milestone < ActiveRecord::Base
|
||||||
iid
|
iid
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def sanitize_title(value)
|
||||||
|
CGI.unescape_html(Sanitize.clean(value.to_s))
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
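Review bot: `sanitize_title` decodes HTML entities after `Sanitize.clean`, so the stored title is no longer guaranteed to be HTML-safe: input that arrives already entity-encoded (e.g. `&lt;b&gt;` as literal text) passes through `Sanitize.clean` untouched and is then unescaped to a literal `<b>`, and a title containing literal entity text such as `&lt;` is silently rewritten to `<`. The model therefore only strips tags; every rendering path must rely on output escaping rather than on this setter, which is worth stating next to the method: `# Strips markup and unescapes entities; the result may contain raw <, > and &, so callers must escape on output.` The hunk also cannot show whether a `private` marker precedes line 204, so `sanitize_title` may become part of the model's public interface; `private_class_method`/a `private` section would keep it internal. The enclosing class and the surrounding methods extend outside both hunks.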
@ -20,10 +20,10 @@ describe Milestone, models: true do
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
describe "#title" do
|
describe "#title" do
|
||||||
let(:milestone) { create(:milestone, title: "<b>test</b>") }
|
let(:milestone) { create(:milestone, title: "<b>foo & bar -> 2.2</b>") }
|
||||||
|
|
||||||
it "sanitizes title" do
|
it "sanitizes title" do
|
||||||
expect(milestone.title).to eq("test")
|
expect(milestone.title).to eq("foo & bar -> 2.2")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
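Review bot: The updated expectation shows the tag-strip-plus-unescape round trip for `"<b>foo & bar -> 2.2</b>"`, but nothing pins the behaviour for input that is already entity-encoded, which is the case where `CGI.unescape_html` changes what ends up in the database. A second example alongside the existing one would document the contract, e.g. `let(:encoded) { build(:milestone, title: "&lt;b&gt;x&lt;/b&gt;") }` with `expect(encoded.title).to eq("<b>x</b>")` (or whatever value the team decides is intended), so a later change to the sanitizer cannot silently alter it. The `describe Milestone` block starts and ends outside the hunk.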
@ -104,6 +104,14 @@ describe API::API, api: true do
|
||||||
|
|
||||||
expect(response).to have_http_status(400)
|
expect(response).to have_http_status(400)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'creates a new project with reserved html characters' do
|
||||||
|
post api("/projects/#{project.id}/milestones", user), title: 'foo & bar 1.1 -> 2.2'
|
||||||
|
|
||||||
|
expect(response).to have_http_status(201)
|
||||||
|
expect(json_response['title']).to eq('foo & bar 1.1 -> 2.2')
|
||||||
|
expect(json_response['description']).to be_nil
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'PUT /projects/:id/milestones/:milestone_id' do
|
describe 'PUT /projects/:id/milestones/:milestone_id' do
|
||||||
|
|
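Review bot: The new example's description says it "creates a new project", but the request posts to `/projects/#{project.id}/milestones` and the assertions check a milestone; the string should read `it 'creates a new milestone with reserved html characters' do`. The assertion on `json_response['description']` being nil is unrelated to the reserved-character behaviour and could be dropped to keep the example focused. The enclosing `describe` for the POST endpoint starts outside the hunk.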