Commit 24d58296 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents 260cd2af c509b35b
...@@ -3,12 +3,12 @@ import { InMemoryCache } from 'apollo-cache-inmemory'; ...@@ -3,12 +3,12 @@ import { InMemoryCache } from 'apollo-cache-inmemory';
import { createUploadLink } from 'apollo-upload-client'; import { createUploadLink } from 'apollo-upload-client';
import csrf from '~/lib/utils/csrf'; import csrf from '~/lib/utils/csrf';
export default (resolvers = {}, baseUrl = '') => { export default (resolvers = {}, config = {}) => {
let uri = `${gon.relative_url_root}/api/graphql`; let uri = `${gon.relative_url_root}/api/graphql`;
if (baseUrl) { if (config.baseUrl) {
// Prepend baseUrl and ensure that `///` are replaced with `/` // Prepend baseUrl and ensure that `///` are replaced with `/`
uri = `${baseUrl}${uri}`.replace(/\/{3,}/g, '/'); uri = `${config.baseUrl}${uri}`.replace(/\/{3,}/g, '/');
} }
return new ApolloClient({ return new ApolloClient({
...@@ -18,7 +18,7 @@ export default (resolvers = {}, baseUrl = '') => { ...@@ -18,7 +18,7 @@ export default (resolvers = {}, baseUrl = '') => {
[csrf.headerKey]: csrf.token, [csrf.headerKey]: csrf.token,
}, },
}), }),
cache: new InMemoryCache(), cache: new InMemoryCache(config.cacheConfig),
resolvers, resolvers,
}); });
}; };
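Review bot: The second parameter changes from a string `baseUrl` to a `config` object with no guard, so a caller that still passes a string gets `config.baseUrl === undefined` and silently falls back to the relative `/api/graphql` URI. Either update every call site in the same commit or accept both shapes, e.g. `const { baseUrl = '', cacheConfig } = typeof config === 'string' ? { baseUrl: config } : config;`. The headers visible in the second hunk attach `csrf.token`, presumably to requests sent to this `uri` (the link setup between the two hunks is not shown). A doc comment on the function should therefore list the supported `config` keys and state that `baseUrl` must be a trusted, same-origin value.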
---
title: Fix milestone references containing &, <, or >
merge_request: 28667
author:
type: fixed
...@@ -363,6 +363,14 @@ module Banzai ...@@ -363,6 +363,14 @@ module Banzai
group_ref group_ref
end end
def unescape_html_entities(text)
CGI.unescapeHTML(text.to_s)
end
def escape_html_entities(text)
CGI.escapeHTML(text.to_s)
end
end end
end end
end end
......
...@@ -104,14 +104,6 @@ module Banzai ...@@ -104,14 +104,6 @@ module Banzai
matches[:namespace] && matches[:project] matches[:namespace] && matches[:project]
end end
def unescape_html_entities(text)
CGI.unescapeHTML(text.to_s)
end
def escape_html_entities(text)
CGI.escapeHTML(text.to_s)
end
def object_link_title(object, matches) def object_link_title(object, matches)
# use title of wrapped element instead # use title of wrapped element instead
nil nil
......
...@@ -51,13 +51,13 @@ module Banzai ...@@ -51,13 +51,13 @@ module Banzai
# default implementation. # default implementation.
return super(text, pattern) if pattern != Milestone.reference_pattern return super(text, pattern) if pattern != Milestone.reference_pattern
text.gsub(pattern) do |match| unescape_html_entities(text).gsub(pattern) do |match|
milestone = find_milestone($~[:project], $~[:namespace], $~[:milestone_iid], $~[:milestone_name]) milestone = find_milestone($~[:project], $~[:namespace], $~[:milestone_iid], $~[:milestone_name])
if milestone if milestone
yield match, milestone.id, $~[:project], $~[:namespace], $~ yield match, milestone.id, $~[:project], $~[:namespace], $~
else else
match escape_html_entities(match)
end end
end end
end end
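Review bot: Only an unmatched reference is re-escaped here: `unescape_html_entities(text).gsub(pattern)` returns the whole unescaped string, so every `&lt;`, `&gt;` and `&amp;` outside a milestone reference comes back as a raw `<`, `>` or `&`. If the caller treats the return value as HTML (not visible in this hunk), escaped markup that a user wrote next to a reference would become live markup, which is a stored-XSS risk. The result should be escaped as a whole, with the generated links swapped for placeholders first and restored afterwards, as sketched below. The enclosing method starts above the hunk.

```ruby
# … unchanged: early return to super for non-reference patterns …
links = {}
unescaped = unescape_html_entities(text).gsub(pattern) do |match|
  milestone = find_milestone($~[:project], $~[:namespace], $~[:milestone_iid], $~[:milestone_name])
  next match unless milestone

  # Constructed placeholder for illustration; choose one that cannot occur in user text.
  token = "milestone-ref-placeholder-#{links.size}"
  links[token] = yield match, milestone.id, $~[:project], $~[:namespace], $~
  token
end

# Escape everything once, then restore the generated links.
escape_html_entities(unescaped).gsub(/milestone-ref-placeholder-\d+/) { |token| links.fetch(token, token) }
```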
......
...@@ -295,6 +295,25 @@ describe Banzai::Filter::MilestoneReferenceFilter do ...@@ -295,6 +295,25 @@ describe Banzai::Filter::MilestoneReferenceFilter do
end end
end end
shared_examples 'references with HTML entities' do
before do
milestone.update!(title: '&lt;html&gt;')
end
it 'links to a valid reference' do
doc = reference_filter('See %"&lt;html&gt;"')
expect(doc.css('a').first.attr('href')).to eq urls.milestone_url(milestone)
expect(doc.text).to eq 'See %<html>'
end
it 'ignores invalid milestone names and escapes entities' do
act = %(Milestone %"&lt;non valid&gt;")
expect(reference_filter(act).to_html).to eq act
end
end
shared_context 'project milestones' do shared_context 'project milestones' do
let(:reference) { milestone.to_reference(format: :iid) } let(:reference) { milestone.to_reference(format: :iid) }
...@@ -307,6 +326,7 @@ describe Banzai::Filter::MilestoneReferenceFilter do ...@@ -307,6 +326,7 @@ describe Banzai::Filter::MilestoneReferenceFilter do
it_behaves_like 'cross-project / cross-namespace complete reference' it_behaves_like 'cross-project / cross-namespace complete reference'
it_behaves_like 'cross-project / same-namespace complete reference' it_behaves_like 'cross-project / same-namespace complete reference'
it_behaves_like 'cross project shorthand reference' it_behaves_like 'cross project shorthand reference'
it_behaves_like 'references with HTML entities'
end end
shared_context 'group milestones' do shared_context 'group milestones' do
...@@ -317,6 +337,7 @@ describe Banzai::Filter::MilestoneReferenceFilter do ...@@ -317,6 +337,7 @@ describe Banzai::Filter::MilestoneReferenceFilter do
it_behaves_like 'String-based single-word references' it_behaves_like 'String-based single-word references'
it_behaves_like 'String-based multi-word references in quotes' it_behaves_like 'String-based multi-word references in quotes'
it_behaves_like 'referencing a milestone in a link href' it_behaves_like 'referencing a milestone in a link href'
it_behaves_like 'references with HTML entities'
it 'does not support references by IID' do it 'does not support references by IID' do
doc = reference_filter("See #{Milestone.reference_prefix}#{milestone.iid}") doc = reference_filter("See #{Milestone.reference_prefix}#{milestone.iid}")
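Review bot: Both examples in 'references with HTML entities' put the entities inside the quoted milestone name, so nothing checks what happens to escaped text around a reference. An example with entities outside the reference, such as `expect(reference_filter('&lt;b&gt; See %"&lt;html&gt;"').to_html).to include('&lt;b&gt;')`, would pin that the surrounding text stays escaped in the filter output. The same case is worth adding for an invalid milestone name, since that path goes through a different branch of the filter.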
......