    Merge branch 'rs-issue-15126' into 'master' · 2c9cd67f
    Douwe Maan authored
    Remove persistent XSS vulnerability in `commit_person_link` helper
    
    Because we were incorrectly supplying the tooltip title as
    `data-original-title` (which Bootstrap's Tooltip JS automatically
    applies based on the `title` attribute; we should never be setting it
    directly), the value was being passed through as-is.
    
    Instead, we should be supplying the normal `title` attribute and letting
    Rails escape the value, which also negates the need for us to call
    `sanitize` on it.
    
    Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126
    
    See merge request !1948
    Signed-off-by: Rémy Coutable <remy@rymai.me>
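To make the distinction in the commit message concrete, here is an added Ruby example (not GitLab's `commit_person_link` helper and not part of this commit) contrasting the two approaches. It assumes a stand-in `naive_sanitize` that strips tags but, like a sanitizer, leaves quotes alone, and it uses `ERB::Util.html_escape`, the same escaping Rails tag helpers apply to attribute values. The author name is a constructed sample chosen to contain both a double quote and angle brackets.

```ruby
require "erb"
require "cgi"

# Constructed sample author name (not from the page) containing characters that
# must be escaped when placed inside an HTML attribute.
SAMPLE_NAME = 'Ann "<Bad>" Onymous'

# Stand-in for a tag-stripping sanitizer: removes <...> but does not escape
# quotes, so it cannot protect an attribute value on its own.
def naive_sanitize(text)
  text.gsub(/<[^>]*>/, "")
end

# Before: the tooltip text is written directly into data-original-title.
# Bootstrap's Tooltip JS normally derives that attribute from `title`, so
# setting it by hand bypasses the framework's attribute escaping; a quote in
# the name terminates the attribute early.
def person_link_before(name, href)
  shown = naive_sanitize(name)
  %(<a href="#{href}" data-original-title="#{shown}" class="has_tooltip">#{shown}</a>)
end

# After: use the ordinary `title` attribute and escape the value the way Rails
# tag helpers do. Bootstrap copies `title` into data-original-title itself.
def person_link_after(name, href)
  shown = ERB::Util.html_escape(name)
  %(<a href="#{href}" title="#{shown}" class="has_tooltip">#{shown}</a>)
end

# Extract a quoted attribute value as an HTML parser would see it, i.e. up to
# the first unescaped double quote. Returns nil when the attribute is absent.
def attribute_value(html, attr)
  m = html.match(/#{Regexp.escape(attr)}="([^"]*)"/)
  m && m[1]
end

if __FILE__ == $PROGRAM_NAME
  before = person_link_before(SAMPLE_NAME, "/u/ann")
  after  = person_link_after(SAMPLE_NAME, "/u/ann")
  puts before
  puts "tooltip value the browser sees: #{attribute_value(before, 'data-original-title').inspect}"
  puts after
  puts "title value round-trips to: #{CGI.unescapeHTML(attribute_value(after, 'title')).inspect}"
end
```

Running the script shows the "before" attribute truncated to `"Ann "` with the rest of the name spilling into tag context, while the "after" attribute holds `Ann &quot;&lt;Bad&gt;&quot; Onymous`, which a browser decodes back to the original name without ever treating it as markup.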