Commit f837238a authored by Makoto Scott-Hinkle, committed by Makoto Scott-Hinkle

Allowing ">" to be used for the Milestone model's title and storing the value in the DB unescaped.

Updating test value for milestone title

Adding API test for title with reserved HTML characters.

Updating changelog

Adding the MR number for fixing bug #22452.

Removing duplicate line.

Updating MR number.
parent ab496d82
@@ -4,6 +4,7 @@ v 8.13.0 (unreleased)
- Speed-up group milestones show page - Speed-up group milestones show page
- Fix robots.txt disallowing access to groups starting with "s" (Matt Harrison) - Fix robots.txt disallowing access to groups starting with "s" (Matt Harrison)
- Revoke button in Applications Settings underlines on hover. - Revoke button in Applications Settings underlines on hover.
- Fix unnecessary escaping of reserved HTML characters in milestone title. !6533
   
v 8.12.2 (unreleased) v 8.12.2 (unreleased)
- Fix Import/Export not recognising correctly the imported services. - Fix Import/Export not recognising correctly the imported services.
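Review bot: The changelog entry under 8.13.0 understates what the model change does: it does not only stop escaping `&`, `<` and `>`, it now stores the title unescaped in the database (Sanitize output is passed through CGI.unescape_html), which shifts responsibility for escaping entirely to output rendering. Suggest wording such as "Store milestone titles unescaped instead of HTML-escaping reserved characters. !6533" so that anyone reading the changelog knows the stored representation changed.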
@@ -158,7 +158,7 @@ class Milestone < ActiveRecord::Base
end end
   
def title=(value) def title=(value)
write_attribute(:title, Sanitize.clean(value.to_s)) if value.present? write_attribute(:title, sanitize_title(value)) if value.present?
end end
   
# Sorts the issues for the given IDs. # Sorts the issues for the given IDs.
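Review bot: Running CGI.unescape_html after Sanitize.clean in the `title=` setter means the sanitizer no longer guarantees the stored value is markup-free: an input that already arrives entity-encoded (for example `&lt;b&gt;`) passes through Sanitize.clean unchanged as text and is then decoded to a literal `<b>` by the unescape step, so the stored title can contain exactly the characters the old code escaped. That is acceptable only if every place the title is rendered relies on ERB auto-escaping; please confirm no view or helper emits `milestone.title` via `raw`/`html_safe`, and consider documenting in a comment above `sanitize_title` that the returned string is not HTML-safe.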
@@ -204,4 +204,8 @@ class Milestone < ActiveRecord::Base
iid iid
end end
end end
def sanitize_title(value)
CGI.unescape_html(Sanitize.clean(value.to_s))
end
end end
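Review bot: `sanitize_title` is added directly after the closing `end` of the previous method with no separating blank line, and it is defined as a public instance method although its only caller is the `title=` setter. Suggest adding a blank line before `def sanitize_title` and moving it under `private` so it does not become part of the model's public surface.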
@@ -20,10 +20,10 @@ describe Milestone, models: true do
let(:user) { create(:user) } let(:user) { create(:user) }
   
describe "#title" do describe "#title" do
let(:milestone) { create(:milestone, title: "<b>test</b>") } let(:milestone) { create(:milestone, title: "<b>foo & bar -> 2.2</b>") }
   
it "sanitizes title" do it "sanitizes title" do
expect(milestone.title).to eq("test") expect(milestone.title).to eq("foo & bar -> 2.2")
end end
end end
   
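Review bot: The updated "sanitizes title" example now checks two behaviours at once (tag stripping and leaving `&`, `>` unescaped) with a single input, so a regression in either would surface with the same failure message. Suggest keeping the original `"<b>test</b>"` example for tag stripping and adding a separate example for reserved characters, e.g. `create(:milestone, title: "foo & bar -> 2.2")` expecting `"foo & bar -> 2.2"`, plus one for already-encoded input such as `"&lt;b&gt;"` so the intended stored form for that case is pinned down explicitly.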
@@ -104,6 +104,14 @@ describe API::API, api: true do
   
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
end end
it 'creates a new project with reserved html characters' do
post api("/projects/#{project.id}/milestones", user), title: 'foo & bar 1.1 -> 2.2'
expect(response).to have_http_status(201)
expect(json_response['title']).to eq('foo & bar 1.1 -> 2.2')
expect(json_response['description']).to be_nil
end
end end
   
describe 'PUT /projects/:id/milestones/:milestone_id' do describe 'PUT /projects/:id/milestones/:milestone_id' do
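Review bot: The new example description reads "creates a new project with reserved html characters" but the request it makes is `post api("/projects/#{project.id}/milestones", user)`, which creates a milestone; rename it to "creates a new milestone with reserved html characters". Also add a blank line between the preceding `end` and the new `it` block, matching the spacing of the surrounding examples.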