kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
103,450 Commits 1 Branch 0 Tags 899 MiB
Commit Graph

11 Commits

Author SHA1 Message Date
GitLab Bot 1808454313 Add latest changes from gitlab-org/gitlab@master 2020-01-31 12:08:33 +00:00
GitLab Bot dea6ebd31a Add latest changes from gitlab-org/gitlab@master 2019-09-30 12:06:01 +00:00
Ash McKenzie 19ff9d9899
Replace rails_helper.rb with spec_helper.rb 
rails_helper.rb's only logic was to require
spec_helper.rb.
 2019-08-30 12:26:18 +10:00
Tim Zallmann c4e491909b Added Class check to commits helper Spec 2019-01-04 16:59:03 +01:00
George Tsiolis f611493912 Fix committer typo 2018-09-25 11:51:07 +03:00
Douwe Maan 4acab552be Merge branch 'fix-escape-commit-block' into 'security-9-5' 
[9.5] Prevent a persistent XSS in the commit author block

See merge request gitlab/gitlabhq!2180
 2017-09-07 20:22:16 -04:00
Robert Speicher 72a7b30c9f Change all `:empty_project` to `:project` 2017-08-02 17:47:31 -04:00
Grzegorz Bizon 0430b76441 Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
Douwe Maan 9d7c5e7584 Address feedback 2017-02-06 18:06:46 -06:00
Douwe Maan 3aa1264dc6 Add tests 2017-02-06 16:12:24 -06:00
Robert Speicher 7cc239528e Remove persistent XSS vulnerability in `commit_person_link` helper 
Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.

Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126
 2016-04-17 18:42:49 -04:00