Commit 6c199005 authored by Ezekiel Kigbo's avatar Ezekiel Kigbo 🇦🇺 Committed by Fatih Acet

Fix username escaping when clicking 'assign to me'

Add spec for assigning user with apostrophe in name
parent b64e261b
......@@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) {
}
// Save current selected user to the DOM
const input = document.createElement('input');
input.type = 'hidden';
input.name = $dropdown.data('fieldName');
const currentUserInfo = $dropdown.data('currentUserInfo');
if (currentUserInfo) {
input.value = currentUserInfo.id;
input.dataset.meta = _.escape(currentUserInfo.name);
} else if (_this.currentUser) {
input.value = _this.currentUser.id;
}
const currentUserInfo = $dropdown.data('currentUserInfo') || {};
const currentUser = _this.currentUser || {};
const fieldName = $dropdown.data('fieldName');
const userName = currentUserInfo.name;
const userId = currentUserInfo.id || currentUser.id;
const inputHtmlString = _.template(`
<input type="hidden" name="<%- fieldName %>"
data-meta="<%- userName %>"
value="<%- userId %>" />
`)({ fieldName, userName, userId });
if ($selectbox) {
$dropdown.parent().before(input);
$dropdown.parent().before(inputHtmlString);
} else {
$dropdown.after(input);
$dropdown.after(inputHtmlString);
}
};
......
---
title: Fix username escaping when using assign to me for issues
merge_request: 24673
author:
type: fixed
......@@ -93,4 +93,22 @@ describe "User creates issue" do
end
end
end
context "when signed in as user with special characters in their name" do
let(:user_special) { create(:user, name: "Jon O'Shea") }
before do
project.add_developer(user_special)
sign_in(user_special)
visit(new_project_issue_path(project))
end
it "will correctly escape user names with an apostrophe when clicking 'Assign to me'", :js do
first('.assign-to-me-link').click
expect(page).to have_content(user_special.name)
expect(page.find('input[name="issue[assignee_ids][]"]', visible: false)['data-meta']).to eq(user_special.name)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment