From 776d70d11b822e5991d518e91b138853275ef42c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20D=C3=A1vila?= <rdavila84@gmail.com>
Date: Wed, 6 Jan 2016 19:54:36 -0500
Subject: [PATCH] Use #html_safe instead of #raw in some diff views. #3945

---
 app/views/projects/blob/diff.html.haml            | 2 +-
 app/views/projects/diffs/_parallel_view.html.haml | 4 ++--
 app/views/projects/diffs/_text_file.html.haml     | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/views/projects/blob/diff.html.haml b/app/views/projects/blob/diff.html.haml
index 9d8f6ecb3ac..ef23876677a 100644
--- a/app/views/projects/blob/diff.html.haml
+++ b/app/views/projects/blob/diff.html.haml
@@ -11,7 +11,7 @@
       %td.old_line.diff-line-num{data: {linenumber: line_old}}
         = link_to raw(line_old), "#"
       %td.new_line= link_to raw(line_new) , "#"
-      %td.line_content.noteable_line= raw("#{' ' * @form.indent}#{line}")
+      %td.line_content.noteable_line= "#{' ' * @form.indent}#{line}".html_safe
 
   - if @form.unfold? && @form.bottom? && @form.to < @blob.loc
     %tr.line_holder{ id: @form.to }
diff --git a/app/views/projects/diffs/_parallel_view.html.haml b/app/views/projects/diffs/_parallel_view.html.haml
index 4ded4d2daad..6a7d4f2db20 100644
--- a/app/views/projects/diffs/_parallel_view.html.haml
+++ b/app/views/projects/diffs/_parallel_view.html.haml
@@ -20,7 +20,7 @@
             = link_to raw(line_number_left), "##{line_code_left}", id: line_code_left
             - if @comments_allowed && can?(current_user, :create_note, @project)
               = link_to_new_diff_note(line_code_left, 'old')
-            %td.line_content{class: "parallel noteable_line #{type_left} #{line_code_left}", "line_code" => line_code_left }= raw(line_content_left)
+            %td.line_content{class: "parallel noteable_line #{type_left} #{line_code_left}", "line_code" => line_code_left }= line_content_left.html_safe
 
           - if type_right == 'new'
             - new_line_class = 'new'
@@ -33,7 +33,7 @@
             = link_to raw(line_number_right), "##{new_line_code}", id: new_line_code
             - if @comments_allowed && can?(current_user, :create_note, @project)
               = link_to_new_diff_note(line_code_right, 'new')
-            %td.line_content.parallel{class: "noteable_line #{new_line_class} #{new_line_code}", "line_code" => new_line_code}= raw(line_content_right)
+            %td.line_content.parallel{class: "noteable_line #{new_line_class} #{new_line_code}", "line_code" => new_line_code}= line_content_right.html_safe
 
       - if @reply_allowed
         - comments_left, comments_right = organize_comments(type_left, type_right, line_code_left, line_code_right)
diff --git a/app/views/projects/diffs/_text_file.html.haml b/app/views/projects/diffs/_text_file.html.haml
index 059d0baf45e..5509d5403b0 100644
--- a/app/views/projects/diffs/_text_file.html.haml
+++ b/app/views/projects/diffs/_text_file.html.haml
@@ -21,8 +21,8 @@
           - if @comments_allowed && can?(current_user, :create_note, @project)
             = link_to_new_diff_note(line_code)
         %td.new_line{data: {linenumber: line.new_pos}}
-          = link_to raw(type == "old" ? "&nbsp;" : line.new_pos) , "##{line_code}", id: line_code
-        %td.line_content{class: "noteable_line #{type} #{line_code}", "line_code" => line_code}= raw(diff_line_content(line.text))
+          = link_to raw(type == "old" ? "&nbsp;" : line.new_pos), "##{line_code}", id: line_code
+        %td.line_content{class: "noteable_line #{type} #{line_code}", "line_code" => line_code}= diff_line_content(line.text).html_safe
 
     - if @reply_allowed
       - comments = @line_notes.select { |n| n.line_code == line_code && n.active? }.sort_by(&:created_at)
-- 
GitLab