60942bf581

Remove persistent XSS vulnerability in `commit_person_link` helper

Because we were incorrectly supplying the tooltip title as `data-original-title` (which Bootstrap's Tooltip JS automatically applies based on the `title` attribute; we should never be setting it directly), the value was being passed through as-is.

Instead, we should be supplying the normal `title` attribute and letting Rails escape the value, which also negates the need for us to call `sanitize` on it.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126

See merge request !1948

| ||
---|---|---|
groups | ||
issuable | ||
milestones | ||
projects | ||
snippets | ||
_choose_group_avatar_button.html.haml | ||
_clone_panel.html.haml | ||
_commit_message_container.html.haml | ||
_confirm_modal.html.haml | ||
_event_filter.html.haml | ||
_field.html.haml | ||
_file_highlight.html.haml | ||
_group_form.html.haml | ||
_group_tips.html.haml | ||
_import_form.html.haml | ||
_issues.html.haml | ||
_label_row.html.haml | ||
_logo.svg | ||
_merge_requests.html.haml | ||
_milestone_expired.html.haml | ||
_milestones_filter.html.haml | ||
_new_commit_form.html.haml | ||
_new_project_item_select.html.haml | ||
_no_password.html.haml | ||
_no_ssh.html.haml | ||
_outdated_browser.html.haml | ||
_project_limit.html.haml | ||
_promo.html.haml | ||
_ref_switcher.html.haml | ||
_service_settings.html.haml | ||
_show_aside.html.haml | ||
_sort_dropdown.html.haml | ||
_visibility_level.html.haml | ||
_visibility_radios.html.haml |