gitlab-org--gitlab-foss/features/steps
Robert Speicher 7cc239528e Remove persistent XSS vulnerability in `commit_person_link` helper
Because we were incorrectly supplying the tooltip title as
`data-original-title` (which Bootstrap's Tooltip JS automatically
applies based on the `title` attribute; we should never be setting it
directly), the value was being passed through as-is.

Instead, we should be supplying the normal `title` attribute and letting
Rails escape the value, which also negates the need for us to call
`sanitize` on it.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126
2016-04-17 18:42:49 -04:00
..
admin Bring shared project feature tests from EE 2016-03-12 14:45:14 +01:00
dashboard Update number of Todos in the sidebar when it's marked as "Done" 2016-04-07 12:35:25 -03:00
explore fix failing tests 2016-02-23 08:42:29 +00:00
group Revert "Merge branch 'new-navigation-prototype' into 'master'" 2016-04-07 21:20:16 +00:00
profile Test changing notification settings per project from notifications page 2016-03-30 10:44:20 +02:00
project Remove persistent XSS vulnerability in `commit_person_link` helper 2016-04-17 18:42:49 -04:00
shared Fixed tests 2016-04-16 16:13:16 -04:00
snippets Fix spec 2015-12-16 17:07:02 +01:00
abuse_reports.rb Partly implement new UI for user page 2015-10-16 13:24:28 +02:00
groups.rb Revert "Merge branch 'new-navigation-prototype' into 'master'" 2016-04-07 21:20:16 +00:00
invites.rb
search.rb Fix wiki search results point to raw source 2016-03-17 08:58:52 +09:00
snippet_search.rb
user.rb