authorJacob Schatz <jschatz@gitlab.com>2016-04-21 16:22:15 +0000
committerRobert Speicher <rspeicher@gmail.com>2016-04-25 16:01:48 -0400
commitaae70565ee6a7019e422c967ec2276303f76912a (patch)
tree777b44b2ebe5194ce28d62bc193aee77a8d52d83
parent95fb7209a9ce05bd9efaf57a6a1ac08bfa69839c (diff)
downloadgitlab-ce-aae70565ee6a7019e422c967ec2276303f76912a.tar.gz
Merge branch 'issue_15434' into 'master'
Fixes XSS injection REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434 **Without the fix** ![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif) **With the fix** ![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif) See merge request !1952
-rw-r--r--app/assets/javascripts/commits.js.coffee2
-rw-r--r--app/views/projects/commits/show.html.haml2
2 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/commits.js.coffee b/app/assets/javascripts/commits.js.coffee
index ffd3627b1b0..0acb4c1955e 100644
--- a/app/assets/javascripts/commits.js.coffee
+++ b/app/assets/javascripts/commits.js.coffee
@@ -1,7 +1,7 @@
class @CommitsList
@timer = null
- @init: (ref, limit) ->
+ @init: (limit) ->
$("body").on "click", ".day-commits-table li.commit", (event) ->
if event.target.nodeName != "A"
location.href = $(this).attr("url")
diff --git a/app/views/projects/commits/show.html.haml b/app/views/projects/commits/show.html.haml
index c52cf25d40a..bcdb09208aa 100644
--- a/app/views/projects/commits/show.html.haml
+++ b/app/views/projects/commits/show.html.haml
@@ -39,4 +39,4 @@
= spinner
:javascript
- CommitsList.init("#{@ref}", #{@limit});
+ CommitsList.init(#{@limit});
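Review bot: `@limit` is still interpolated unquoted into the `:javascript` block on the new `CommitsList.init(#{@limit});` line, so the call is only safe if the controller guarantees an integer, and that assignment is not visible in this diff. Depending on the Haml version and settings, interpolation inside a filter may not be escaped, and HTML escaping alone would not make a value safe in a script context anyway. I would make the coercion explicit at the sink, `CommitsList.init(#{@limit.to_i});`, and add a Haml comment above the filter such as `-# values emitted into inline JS must be numeric or JSON-encoded`. The commit also ships no spec; a view or feature spec that renders the commits page with a ref containing markup and asserts it does not appear unescaped in the inline script would guard against the interpolation being reintroduced.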