gitlab-org--gitlab-foss/spec
Douwe Maan 60942bf581 Merge branch 'rs-issue-15126' into 'master'
Remove persistent XSS vulnerability in `commit_person_link` helper

Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.

Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126

See merge request !1948
2016-04-19 15:16:00 +00:00
config
controllers Check permissions when sharing project with group 2016-04-19 12:15:56 +02:00
factories Merge branch 'connorshea/gitlab-ce-revoke-authorized-application' into 'master' 2016-04-14 15:26:09 +00:00
features Merge branch 'rs-issue-15126' into 'master' 2016-04-19 15:16:00 +00:00
finders
fixtures
helpers Remove persistent XSS vulnerability in commit_person_link helper 2016-04-17 18:42:49 -04:00
initializers
javascripts Placeholder on milestone form 2016-04-14 10:28:05 +01:00
lib Merge branch 'make-before-after-overridable' into 'master' 2016-04-19 11:12:40 +00:00
mailers Improve 'auto fsck' admin emails 2016-04-18 10:58:40 +02:00
models Remove code that removes duplicate CI variables 2016-04-18 13:17:48 +02:00
requests Merge branch 'api-fix-annotated-tags' into 'master' 2016-04-19 12:31:31 +00:00
routing
services Refactor GitTagPushService and fig tags_push system event hook 2016-04-19 11:00:30 +02:00
support Added System Hooks for push and tag_push 2016-04-19 11:00:30 +02:00
tasks/gitlab
views
workers Destroy wikis uniformly 2016-04-18 11:03:53 +02:00
factories_spec.rb
rails_helper.rb
spec_helper.rb
teaspoon_env.rb