a98b89e9bc
When we un-escape HTML text to find references in it, we should then re-escape the whole text again, not only the found matches. Because we replace matches with milestone/label links (which contain HTML tags we don't want to escape again), we re-escape HTML text with placeholders instead of these links and then replace placeholders in the escaped text.
5 lines
130 B
YAML
---
title: Make sure HTML text is always escaped when replacing label/milestone references.
merge_request:
author:
type: security
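The placeholder approach from the commit message, as an added Ruby example that is not the project's own code: the `%name` reference syntax, the link format and all function names are assumptions made for illustration, and the sample input is constructed.

```ruby
require 'cgi'
require 'securerandom'

# Assumed reference syntax for this example: "%name" points at a milestone.
REFERENCE = /%(\w+)/

# Hypothetical link builder; the link is trusted HTML generated by us.
def link_for(name)
  %(<a href="/milestones/#{name}">#{CGI.escapeHTML(name)}</a>)
end

# Flawed variant: the text is un-escaped to find references, but only the
# matches are handled afterwards, so the rest of the text stays un-escaped.
def replace_unsafe(escaped_html)
  CGI.unescapeHTML(escaped_html).gsub(REFERENCE) { link_for(Regexp.last_match(1)) }
end

# Fixed variant: swap each match for an opaque placeholder, re-escape the
# whole text, then substitute the trusted links for the placeholders.
def replace_safe(escaped_html)
  links = {}
  # Random prefix so user text cannot collide with a placeholder; it contains
  # only hex digits and hyphens, so HTML escaping leaves it unchanged.
  prefix = "ref-#{SecureRandom.hex(16)}-"

  with_placeholders = CGI.unescapeHTML(escaped_html).gsub(REFERENCE) do
    token = "#{prefix}#{links.size}"
    links[token] = link_for(Regexp.last_match(1))
    token
  end

  escaped = CGI.escapeHTML(with_placeholders)
  escaped.gsub(/#{Regexp.escape(prefix)}\d+/) { |token| links.fetch(token) }
end

# Constructed sample: already-escaped text containing one reference.
SAMPLE = '&lt;script&gt;x&lt;/script&gt; see %v1'

if __FILE__ == $PROGRAM_NAME
  puts replace_unsafe(SAMPLE)
  puts replace_safe(SAMPLE)
end
```
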