Replace v-html with v-safe-html in repository file table rows (!70578) · Merge requests · GitLab.org / GitLab

Eugie Limpin requested to merge eugielimpin/remove-v-html into master Sep 17, 2021

What does this MR do and why?

Gitlab-org/gitlab lints against using v-html. It was implemented as per #232488 (closed) to prevent against XSS vulnerabilities and as part of the effort to improve frontend security posture.

The project has many v-html usages and we need to audit each one of them & replace with a secure alternative like v-safe-html or v-text wherever possible.

This MR replaces v-html with v-safe-html (by using GlSafeHTMLDirective) in app/assets/javascripts/repository/components/table/row.vue.

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 17, 2021 by Eugie Limpin

Replace v-html with v-safe-html in repository file table rows

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports