Escape text passed directly to gfm

Robert Speicher
1 parent 496f88af
Showing 7 changed files with 7 additions and 7 deletions Show diff stats
app/views/events/_commit.html.haml
app/views/issues/show.html.haml
app/views/merge_requests/show/_mr_box.html.haml
app/views/milestones/show.html.haml
app/views/repositories/_branch.html.haml
app/views/repositories/_feed.html.haml
app/views/repositories/tags.html.haml
@@ -5,4 +5,4 @@
     %strong.cdark= commit.author_name
     &ndash;
     = image_tag gravatar_icon(commit.author_email), class: "avatar", width: 16
-    = gfm truncate(commit.title, length: 50) rescue "--broken encoding"
+    = gfm escape_once(truncate(commit.title, length: 50)) rescue "--broken encoding"
@@ -31,7 +31,7 @@
         .alert-message.error.status_info Closed
       - else
         .alert-message.success.status_info Open
-      = gfm @issue.title
+      = gfm escape_once(@issue.title)
   .middle_box_content
     %cite.cgray Created by
@@ -5,7 +5,7 @@
         .alert-message.error.status_info Closed
       - else
         .alert-message.success.status_info Open
-      = gfm @merge_request.title
+      = gfm escape_once(@merge_request.title)
   .middle_box_content
     %div
@@ -21,7 +21,7 @@
         .alert-message.error.status_info Closed
       - else
         .alert-message.success.status_info Open
-      = gfm @milestone.title
+      = gfm escape_once(@milestone.title)
       %small.right= @milestone.expires_at
   .middle_box_content
@@ -11,7 +11,7 @@
       %code= commit.short_id
     = image_tag gravatar_icon(commit.author_email), class: "", width: 16
-    = gfm truncate(commit.title, length: 40)
+    = gfm escape_once(truncate(commit.title, length: 40))
     %span.update-author.right
       = time_ago_in_words(commit.committed_date)
       ago
@@ -13,7 +13,7 @@
       = link_to project_commits_path(@project, commit.id) do
         %code= commit.short_id
       = image_tag gravatar_icon(commit.author_email), class: "", width: 16
-      = gfm truncate(commit.title, length: 40)
+      = gfm escape_once(truncate(commit.title, length: 40))
   %td
     %span.right.cgray
       = time_ago_in_words(commit.committed_date)
@@ -17,7 +17,7 @@
           = link_to project_commit_path(@project, commit.id) do
             %code= commit.short_id
           = image_tag gravatar_icon(commit.author_email), class: "", width: 16
-          = gfm truncate(commit.title, length: 40)
+          = gfm escape_once(truncate(commit.title, length: 40))
         %td
           %span.update-author.right
             = time_ago_in_words(commit.committed_date)
	@@ -5,4 +5,4 @@		@@ -5,4 +5,4 @@
5	%strong.cdark= commit.author_name	5	%strong.cdark= commit.author_name
6	–	6	–
7	= image_tag gravatar_icon(commit.author_email), class: "avatar", width: 16	7	= image_tag gravatar_icon(commit.author_email), class: "avatar", width: 16
8	- = gfm truncate(commit.title, length: 50) rescue "--broken encoding"	8	+ = gfm escape_once(truncate(commit.title, length: 50)) rescue "--broken encoding"
	@@ -31,7 +31,7 @@		@@ -31,7 +31,7 @@
31	.alert-message.error.status_info Closed	31	.alert-message.error.status_info Closed
32	- else	32	- else
33	.alert-message.success.status_info Open	33	.alert-message.success.status_info Open
34	- = gfm @issue.title	34	+ = gfm escape_once(@issue.title)
35		35
36	.middle_box_content	36	.middle_box_content
37	%cite.cgray Created by	37	%cite.cgray Created by
	@@ -5,7 +5,7 @@		@@ -5,7 +5,7 @@
5	.alert-message.error.status_info Closed	5	.alert-message.error.status_info Closed
6	- else	6	- else
7	.alert-message.success.status_info Open	7	.alert-message.success.status_info Open
8	- = gfm @merge_request.title	8	+ = gfm escape_once(@merge_request.title)
9		9
10	.middle_box_content	10	.middle_box_content
11	%div	11	%div
	@@ -21,7 +21,7 @@		@@ -21,7 +21,7 @@
21	.alert-message.error.status_info Closed	21	.alert-message.error.status_info Closed
22	- else	22	- else
23	.alert-message.success.status_info Open	23	.alert-message.success.status_info Open
24	- = gfm @milestone.title	24	+ = gfm escape_once(@milestone.title)
25	%small.right= @milestone.expires_at	25	%small.right= @milestone.expires_at
26		26
27	.middle_box_content	27	.middle_box_content
	@@ -11,7 +11,7 @@		@@ -11,7 +11,7 @@
11	%code= commit.short_id	11	%code= commit.short_id
12		12
13	= image_tag gravatar_icon(commit.author_email), class: "", width: 16	13	= image_tag gravatar_icon(commit.author_email), class: "", width: 16
14	- = gfm truncate(commit.title, length: 40)	14	+ = gfm escape_once(truncate(commit.title, length: 40))
15	%span.update-author.right	15	%span.update-author.right
16	= time_ago_in_words(commit.committed_date)	16	= time_ago_in_words(commit.committed_date)
17	ago	17	ago
	@@ -13,7 +13,7 @@		@@ -13,7 +13,7 @@
13	= link_to project_commits_path(@project, commit.id) do	13	= link_to project_commits_path(@project, commit.id) do
14	%code= commit.short_id	14	%code= commit.short_id
15	= image_tag gravatar_icon(commit.author_email), class: "", width: 16	15	= image_tag gravatar_icon(commit.author_email), class: "", width: 16
16	- = gfm truncate(commit.title, length: 40)	16	+ = gfm escape_once(truncate(commit.title, length: 40))
17	%td	17	%td
18	%span.right.cgray	18	%span.right.cgray
19	= time_ago_in_words(commit.committed_date)	19	= time_ago_in_words(commit.committed_date)
	@@ -17,7 +17,7 @@		@@ -17,7 +17,7 @@
17	= link_to project_commit_path(@project, commit.id) do	17	= link_to project_commit_path(@project, commit.id) do
18	%code= commit.short_id	18	%code= commit.short_id
19	= image_tag gravatar_icon(commit.author_email), class: "", width: 16	19	= image_tag gravatar_icon(commit.author_email), class: "", width: 16
20	- = gfm truncate(commit.title, length: 40)	20	+ = gfm escape_once(truncate(commit.title, length: 40))
21	%td	21	%td
22	%span.update-author.right	22	%span.update-author.right
23	= time_ago_in_words(commit.committed_date)	23	= time_ago_in_words(commit.committed_date)