提交 1ff896f2 编写于 作者: A Alejandro Rodríguez

Escaping the `object_link_text` on cross project milestone references

上级 6d9794d4
...@@ -39,7 +39,7 @@ module Banzai ...@@ -39,7 +39,7 @@ module Banzai
if context[:project] == object.project if context[:project] == object.project
super super
else else
"#{super} <i>in #{escape_once(object.project.name_with_namespace)}</i>". "#{escape_once(super)} <i>in #{escape_once(object.project.name_with_namespace)}</i>".
html_safe html_safe
end end
end end
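Review bot: The `html_safe` at the end of the cross-project branch marks the whole `<i>` wrapper as trusted, so it is only sound because both interpolated values — `super` (the milestone link text) and `object.project.name_with_namespace` — go through `escape_once` first, and that invariant is not stated anywhere in the hunk. A comment above the string would carry it, e.g. `# Both interpolations are escaped before html_safe: the link text derives from a user-controlled milestone title.` The enclosing method's `def` line precedes the hunk, so I cannot see what the parent's `super` returns; if it is already an html-safe, escaped string, `escape_once` keeps it single-escaped, which is presumably why it was chosen over a plain escape.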
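--- a/SPEC_FILE_PATH_NOT_SHOWN_ON_PAGE
+++ b/SPEC_FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -176,5 +176,11 @@ describe Banzai::Filter::MilestoneReferenceFilter, lib: true do
 it 'contains cross project content' do
 expect(result.css('a').first.text).to eq "#{milestone.name} in #{project_name}"
 end
+it 'escapes the name attribute' do
+allow_any_instance_of(Milestone).to receive(:title).and_return(%{"></a>whatever<a title="})
+doc = reference_filter("See #{reference}")
+expect(doc.css('a').first.text).to eq "#{milestone.name} in #{project_name}"
+end
 end
 end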
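Review bot: The example name `'escapes the name attribute'` does not match what the assertion checks: it stubs `Milestone#title` with markup and then asserts on the anchor's text, i.e. the escaped link text, not an attribute; `it 'escapes the milestone title used as link text' do` would describe it. The expectation also relies on `milestone.name` reflecting the stubbed `title` (the stub is on `:title`, the expected string is built from `name`); presumably `name` is an alias for `title` in this model, but if it is not, the expected value is the unstubbed name and the example would not be exercising the injected value — worth confirming. Adding `expect(doc.css('a').size).to eq 1` next to the text assertion would make the "no second anchor was injected" intent explicit rather than implied by the text comparison.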