GitLab Bot
840d5ecdbb
Add latest changes from gitlab-org/gitlab@master
2020-07-02 15:09:08 +00:00
GitLab Bot
d6348d22dd
Add latest changes from gitlab-org/gitlab@master
2020-06-24 09:08:32 +00:00
GitLab Bot
db061f4432
Add latest changes from gitlab-org/gitlab@master
2020-04-22 18:09:52 +00:00
GitLab Bot
1808454313
Add latest changes from gitlab-org/gitlab@master
2020-01-31 12:08:33 +00:00
GitLab Bot
dea6ebd31a
Add latest changes from gitlab-org/gitlab@master
2019-09-30 12:06:01 +00:00
Ash McKenzie
19ff9d9899
Replace rails_helper.rb with spec_helper.rb
...
rails_helper.rb's only logic was to require
spec_helper.rb.
2019-08-30 12:26:18 +10:00
Tim Zallmann
c4e491909b
Added Class check to commits helper Spec
2019-01-04 16:59:03 +01:00
George Tsiolis
f611493912
Fix committer typo
2018-09-25 11:51:07 +03:00
Douwe Maan
4acab552be
Merge branch 'fix-escape-commit-block' into 'security-9-5'
...
[9.5] Prevent a persistent XSS in the commit author block
See merge request gitlab/gitlabhq!2180
2017-09-07 20:22:16 -04:00
Robert Speicher
72a7b30c9f
Change all :empty_project
to :project
2017-08-02 17:47:31 -04:00
Grzegorz Bizon
0430b76441
Enable Style/DotPosition Rubocop 👮
2017-06-21 13:48:12 +00:00
Douwe Maan
9d7c5e7584
Address feedback
2017-02-06 18:06:46 -06:00
Douwe Maan
3aa1264dc6
Add tests
2017-02-06 16:12:24 -06:00
Robert Speicher
7cc239528e
Remove persistent XSS vulnerability in commit_person_link
helper
...
Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.
Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126
2016-04-17 18:42:49 -04:00