gitlab-org--gitlab-foss

Commit Graph

Author	SHA1	Message	Date
Douwe Maan	9d7c5e7584	Address feedback	2017-02-06 18:06:46 -06:00
Douwe Maan	3aa1264dc6	Add tests	2017-02-06 16:12:24 -06:00
Robert Speicher	7cc239528e	Remove persistent XSS vulnerability in `commit_person_link` helper Because we were incorrectly supplying the tooltip title as `data-original-title` (which Bootstrap's Tooltip JS automatically applies based on the `title` attribute; we should never be setting it directly), the value was being passed through as-is. Instead, we should be supplying the normal `title` attribute and letting Rails escape the value, which also negates the need for us to call `sanitize` on it. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126	2016-04-17 18:42:49 -04:00

Author

SHA1

Message

Date

Douwe Maan

9d7c5e7584

Address feedback

2017-02-06 18:06:46 -06:00

Douwe Maan

3aa1264dc6

Add tests

2017-02-06 16:12:24 -06:00

Robert Speicher

7cc239528e

Remove persistent XSS vulnerability in `commit_person_link` helper

Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.

Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126

2016-04-17 18:42:49 -04:00

3 Commits