delta/gitlab/gitlab-ce.git - gitlab.com: gitlab-org/gitlab-ce.git

diff options

author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-07-10 09:16:48 +0000
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-07-10 09:16:48 +0000
commit	a338954c331ed451c7b7dd39b28b9649dfca26ba (patch)
tree	6885b670205be70cc0774fb17660e31c20946b97 /doc/development
parent	4fb5a39dc04822f1cfac1090a431e51fb43e7a07 (diff)
parent	53a8d50b2b1db9addf0f5fbcfa56db0fcc811073 (diff)
download	gitlab-ce-a338954c331ed451c7b7dd39b28b9649dfca26ba.tar.gz

Merge branch 'prevent-html-injection' into 'master'

Prevent html injection Commits page renders commit description with single_format method which allows html tags. So commit message with html tags brokers Commits page. See screenshot ![Screenshot 2014-07-10 11.16.40](https://dev.gitlab.org/uploads/gitlab/gitlabhq/6606e1bac0/Screenshot_2014-07-10_11.16.40.png) See merge request !959

Diffstat (limited to 'doc/development')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: