Render label name contains ?, & in the labels dropdown without escaping

parent 5d11cf2e
...@@ -261,7 +261,7 @@ class @LabelsSelect ...@@ -261,7 +261,7 @@ class @LabelsSelect
$a.attr('data-label-id', label.id) $a.attr('data-label-id', label.id)
$a.addClass(selectedClass.join(' ')) $a.addClass(selectedClass.join(' '))
.html("#{colorEl} #{_.escape(label.title)}") .html("#{colorEl} #{label.title}")
# Return generated html # Return generated html
$li.html($a).prop('outerHTML') $li.html($a).prop('outerHTML')
...@@ -288,7 +288,7 @@ class @LabelsSelect ...@@ -288,7 +288,7 @@ class @LabelsSelect
fieldName: $dropdown.data('field-name') fieldName: $dropdown.data('field-name')
id: (label) -> id: (label) ->
if $dropdown.hasClass("js-filter-submit") and not label.isAny? if $dropdown.hasClass("js-filter-submit") and not label.isAny?
_.escape label.title label.title
else else
label.id label.id
......
- labels.each do |label| - labels.each do |label|
%span.label-row.btn-group{ role: "group", aria: { label: escape_once(label.name) }, style: "color: #{text_color_for_bg(label.color)}" } %span.label-row.btn-group{ role: "group", aria: { label: label.name }, style: "color: #{text_color_for_bg(label.color)}" }
= link_to label_filter_path(@project, label, type: controller.controller_name), = link_to label.name, label_filter_path(@project, label, type: controller.controller_name),
class: "btn btn-transparent has-tooltip", class: "btn btn-transparent has-tooltip",
style: "background-color: #{label.color};", style: "background-color: #{label.color};",
title: escape_once(label.description), title: escape_once(label.description),
data: { container: "body" } do data: { container: "body" }
= escape_once label.name
%button.btn.btn-transparent.label-remove.js-label-filter-remove{ type: "button", style: "background-color: #{label.color};", data: { label: label.title } } %button.btn.btn-transparent.label-remove.js-label-filter-remove{ type: "button", style: "background-color: #{label.color};", data: { label: label.title } }
= icon("times") = icon("times")
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment