Commit graph

4 commits

Author SHA1 Message Date
Grzegorz Bizon
0430b76441 Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
Douwe Maan
9d7c5e7584 Address feedback 2017-02-06 18:06:46 -06:00
Douwe Maan
3aa1264dc6 Add tests 2017-02-06 16:12:24 -06:00
Robert Speicher
7cc239528e Remove persistent XSS vulnerability in commit_person_link helper
Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.

Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126
2016-04-17 18:42:49 -04:00