diff options
| author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-06-20 18:33:01 -0300 |
|---|---|---|
| committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-07-05 20:57:09 -0300 |
| commit | ab811b6ab929d3f220e060c15c49bc075d91e5f2 (patch) | |
| tree | bbe8091322f85e1bdc9c5a91597f4723edf4f51b /app | |
| parent | e186626d25d5a24e2f2c5f0b5082b79bc8bd0ddf (diff) | |
| download | gitlab-ce-ab811b6ab929d3f220e060c15c49bc075d91e5f2.tar.gz | |
Render references for labels that name contains ?, or &
Diffstat (limited to 'app')
| -rw-r--r-- | app/assets/javascripts/gfm_auto_complete.js.coffee | 2 | ||||
| -rw-r--r-- | app/helpers/labels_helper.rb | 12 | ||||
| -rw-r--r-- | app/models/label.rb | 16 |
3 files changed, 15 insertions, 15 deletions
diff --git a/app/assets/javascripts/gfm_auto_complete.js.coffee b/app/assets/javascripts/gfm_auto_complete.js.coffee index b7d040bae85..4a851d9c9fb 100644 --- a/app/assets/javascripts/gfm_auto_complete.js.coffee +++ b/app/assets/javascripts/gfm_auto_complete.js.coffee @@ -190,7 +190,7 @@ GitLab.GfmAutoComplete = callbacks: beforeSave: (merges) -> sanitizeLabelTitle = (title)-> - if /\w+\s+\w+/g.test(title) + if /[\w\?&]+\s+[\w\?&]+/g.test(title) "\"#{sanitize(title)}\"" else sanitize(title) diff --git a/app/helpers/labels_helper.rb b/app/helpers/labels_helper.rb index 5e9f5837101..1f0d5d545c0 100644 --- a/app/helpers/labels_helper.rb +++ b/app/helpers/labels_helper.rb @@ -1,6 +1,12 @@ module LabelsHelper include ActionView::Helpers::TagHelper + TABLE_FOR_ESCAPE_HTML_ENTITIES = { + '&' => '&', + '<' => '<', + '>' => '>' + } + # Link to a Label # # label - Label object to link to @@ -130,7 +136,11 @@ module LabelsHelper label.subscribed?(current_user) ? 'Unsubscribe' : 'Subscribe' end + def unescape_html_entities(value) + value.to_s.gsub(/(>)|(<)|(&)/, TABLE_FOR_ESCAPE_HTML_ENTITIES.invert) + end + # Required for Banzai::Filter::LabelReferenceFilter module_function :render_colored_label, :render_colored_cross_project_label, - :text_color_for_bg, :escape_once + :text_color_for_bg, :escape_once, :unescape_html_entities end diff --git a/app/models/label.rb b/app/models/label.rb index 115f38c6dfe..086007d1864 100644 --- a/app/models/label.rb +++ b/app/models/label.rb @@ -58,8 +58,8 @@ class Label < ActiveRecord::Base (?: (?<label_id>\d+) | # Integer-based label ID, or (?<label_name> - [A-Za-z0-9_-]+ | # String-based single-word label title, or - "[^&\?,]+" # String-based multi-word label surrounded in quotes + [A-Za-z0-9_\-\?&]+ | # String-based single-word label title, or + "[^,]+" # String-based multi-word label surrounded in quotes ) ) }x @@ -134,16 +134,6 @@ class Label < ActiveRecord::Base end def sanitize_title(value) - unnescape_html_entities(Sanitize.clean(value.to_s)) + LabelsHelper.unescape_html_entities(Sanitize.clean(value.to_s)) end - - def unnescape_html_entities(value) - value.to_s.gsub(/(>)|(<)|(&)/, Label::TABLE_FOR_ESCAPE_HTML_ENTITIES.invert) - end - - TABLE_FOR_ESCAPE_HTML_ENTITIES = { - '&' => '&', - '<' => '<', - '>' => '>' - } end |