Commit 52c5d9a6 authored by Fatih Acet's avatar Fatih Acet 🤙

Merge branch...

Merge branch '37673-minor-issue-with-apostrophe-single-quote-when-clicking-assign-to-me' into 'master'

Fix escape name in assignYourself

Closes #37673

See merge request gitlab-org/gitlab-ce!24673
parents b64e261b 6c199005
......@@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) {
}
// Save current selected user to the DOM
const input = document.createElement('input');
input.type = 'hidden';
input.name = $dropdown.data('fieldName');
const currentUserInfo = $dropdown.data('currentUserInfo');
if (currentUserInfo) {
input.value = currentUserInfo.id;
input.dataset.meta = _.escape(currentUserInfo.name);
} else if (_this.currentUser) {
input.value = _this.currentUser.id;
}
const currentUserInfo = $dropdown.data('currentUserInfo') || {};
const currentUser = _this.currentUser || {};
const fieldName = $dropdown.data('fieldName');
const userName = currentUserInfo.name;
const userId = currentUserInfo.id || currentUser.id;
const inputHtmlString = _.template(`
<input type="hidden" name="<%- fieldName %>"
data-meta="<%- userName %>"
value="<%- userId %>" />
`)({ fieldName, userName, userId });
if ($selectbox) {
$dropdown.parent().before(input);
$dropdown.parent().before(inputHtmlString);
} else {
$dropdown.after(input);
$dropdown.after(inputHtmlString);
}
};
......
---
title: Fix username escaping when using assign to me for issues
merge_request: 24673
author:
type: fixed
......@@ -93,4 +93,22 @@ describe "User creates issue" do
end
end
end
context "when signed in as user with special characters in their name" do
let(:user_special) { create(:user, name: "Jon O'Shea") }
before do
project.add_developer(user_special)
sign_in(user_special)
visit(new_project_issue_path(project))
end
it "will correctly escape user names with an apostrophe when clicking 'Assign to me'", :js do
first('.assign-to-me-link').click
expect(page).to have_content(user_special.name)
expect(page.find('input[name="issue[assignee_ids][]"]', visible: false)['data-meta']).to eq(user_special.name)
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment