
Replace html_escaped with ERB::Util.html_escaped

What does this MR do and why?

This MR solves issue #432964. I will fix all top-level calls to html_escape and html_escape_once so that they specifically use the methods from ERB::Util.

I've viewed and changed every file from issue #432964 except two files:

https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/helpers/ee/labels_helper.rb (because I think this is just HTML/CSS styling)

and

https://gitlab.com/gitlab-org/gitlab/-/blame/master/lib/gitlab/string_range_marker.rb because here ERB::Util was already in use (https://gitlab.com/gitlab-org/gitlab/-/blame/master/lib/gitlab/string_range_marker.rb#L13).

Please leave a comment if this change is still missing in one of the two files, and then I will of course adjust it!

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
