Skip to content
Snippets Groups Projects
Commit a8452529 authored by Arinde Eniola's avatar Arinde Eniola
Browse files

get the multi filter labels feature to work on merge request, also escape... 

get the multi filter labels feature to work on merge request, also escape characters in the templates to prevent xss attack
parent bea34843
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/assets/javascripts/dispatcher.js.coffee
+ 1
0
View file @ a8452529
@@ -58,6 +58,7 @@ class Dispatcher
@@ -58,6 +58,7 @@ class Dispatcher
when 'projects:merge_requests:index' when 'projects:merge_requests:index'
shortcut_handler = new ShortcutsNavigation() shortcut_handler = new ShortcutsNavigation()
MergeRequests.init() MergeRequests.init()
Issues.init()
when 'dashboard:activity' when 'dashboard:activity'
new Activities() new Activities()
when 'dashboard:projects:starred' when 'dashboard:projects:starred'
app/assets/javascripts/issues.js.coffee
+ 1
1
View file @ a8452529
@@ -21,7 +21,7 @@
@@ -21,7 +21,7 @@
Issue.labelRow = _.template( Issue.labelRow = _.template(
'<% _.each(labels, function(label){ %> '<% _.each(labels, function(label){ %>
<span class="label-row"> <span class="label-row">
<a href="#"><span class="label color-label has-tooltip" style="background-color: <%= label.color %>; color: #FFFFFF" title="<%= label.description %>" data-container="body"><%= label.title %></span></a> <a href="#"><span class="label color-label has-tooltip" style="background-color: <%= label.color %>; color: #FFFFFF" title="<%= _.escape(label.description) %>" data-container="body"><%= _.escape(label.title) %></span></a>
</span> </span>
<% }); %>' <% }); %>'
) )
app/assets/javascripts/merge_requests.js.coffee
+ 0
1
View file @ a8452529
@@ -3,7 +3,6 @@
@@ -3,7 +3,6 @@
# #
@MergeRequests = @MergeRequests =
init: -> init: ->
$('.filtered-labels').hide()
MergeRequests.initSearch() MergeRequests.initSearch()
   
# Make sure we trigger ajax request only after user stop typing # Make sure we trigger ajax request only after user stop typing
app/controllers/projects/merge_requests_controller.rb
+ 3
2
View file @ a8452529
@@ -38,13 +38,14 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@@ -38,13 +38,14 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@merge_requests = @merge_requests.page(params[:page]) @merge_requests = @merge_requests.page(params[:page])
@merge_requests = @merge_requests.preload(:target_project) @merge_requests = @merge_requests.preload(:target_project)
   
@label = @project.labels.find_by(title: params[:label_name]) @labels = @project.labels.where(title: params[:label_name])
   
respond_to do |format| respond_to do |format|
format.html format.html
format.json do format.json do
render json: { render json: {
html: view_to_html_string("projects/merge_requests/_merge_requests") html: view_to_html_string("projects/merge_requests/_merge_requests"),
labels: @labels
} }
end end
end end
app/views/shared/issuable/_filter.html.haml
+ 1
1
View file @ a8452529
@@ -46,7 +46,7 @@
@@ -46,7 +46,7 @@
.filter-item.inline .filter-item.inline
= button_tag "Update issues", class: "btn update_selected_issues btn-save" = button_tag "Update issues", class: "btn update_selected_issues btn-save"
   
.gray-content-block.second-block.filtered-labels{ class: ("hidden" if !@labels) } .gray-content-block.second-block.filtered-labels
- if @labels - if @labels
= render "shared/labels_row", labels: @labels = render "shared/labels_row", labels: @labels
   
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment