Skip to content
Snippets Groups Projects
Commit a338954c authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets
Browse files

Merge branch 'prevent-html-injection' into 'master' 

Prevent html injection

Commits page renders commit description with single_format method which allows html tags. So commit message with html tags brokers Commits page. See screenshot

![Screenshot 2014-07-10 11.16.40](https://dev.gitlab.org/uploads/gitlab/gitlabhq/6606e1bac0/Screenshot_2014-07-10_11.16.40.png)

See merge request !959
parents 4fb5a39d 53a8d50b
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment