@ -4,6 +4,7 @@
import './publicpath.js' ;
import './publicpath.js' ;
import Vue from 'vue' ;
import Vue from 'vue' ;
import { htmlEscape } from 'escape-goat' ;
import 'jquery.are-you-sure' ;
import 'jquery.are-you-sure' ;
import './vendor/semanticdropdown.js' ;
import './vendor/semanticdropdown.js' ;
@ -25,10 +26,6 @@ import {svg, svgs} from './svg.js';
const { AppSubUrl , StaticUrlPrefix , csrf } = window . config ;
const { AppSubUrl , StaticUrlPrefix , csrf } = window . config ;
function htmlEncode ( text ) {
return jQuery ( '<div />' ) . text ( text ) . html ( ) ;
}
let previewFileModes ;
let previewFileModes ;
const commentMDEditors = { } ;
const commentMDEditors = { } ;
@ -528,12 +525,12 @@ function initCommentForm() {
switch ( input_id ) {
switch ( input_id ) {
case '#milestone_id' :
case '#milestone_id' :
$list . find ( '.selected' ) . html ( ` <a class="item" href= ${ $ ( this ) . data ( 'href' ) } > ${
$list . find ( '.selected' ) . html ( ` <a class="item" href= ${ $ ( this ) . data ( 'href' ) } > ${
htmlEncod e ( $ ( this ) . text ( ) ) } < / a > ` ) ;
htmlEscap e ( $ ( this ) . text ( ) ) } < / a > ` ) ;
break ;
break ;
case '#assignee_id' :
case '#assignee_id' :
$list . find ( '.selected' ) . html ( ` <a class="item" href= ${ $ ( this ) . data ( 'href' ) } > ` +
$list . find ( '.selected' ) . html ( ` <a class="item" href= ${ $ ( this ) . data ( 'href' ) } > ` +
` <img class="ui avatar image" src= ${ $ ( this ) . data ( 'avatar' ) } > ${
` <img class="ui avatar image" src= ${ $ ( this ) . data ( 'avatar' ) } > ${
htmlEncod e ( $ ( this ) . text ( ) ) } < / a > ` ) ;
htmlEscap e ( $ ( this ) . text ( ) ) } < / a > ` ) ;
}
}
$ ( ` .ui ${ select_id } .list .no-select ` ) . addClass ( 'hide' ) ;
$ ( ` .ui ${ select_id } .list .no-select ` ) . addClass ( 'hide' ) ;
$ ( input_id ) . val ( $ ( this ) . data ( 'id' ) ) ;
$ ( input_id ) . val ( $ ( this ) . data ( 'id' ) ) ;
@ -1944,7 +1941,7 @@ function searchUsers() {
$ . each ( response . data , ( _i , item ) => {
$ . each ( response . data , ( _i , item ) => {
let title = item . login ;
let title = item . login ;
if ( item . full_name && item . full_name . length > 0 ) {
if ( item . full_name && item . full_name . length > 0 ) {
title += ` ( ${ htmlEncod e ( item . full_name ) } ) ` ;
title += ` ( ${ htmlEscap e ( item . full_name ) } ) ` ;
}
}
items . push ( {
items . push ( {
title ,
title ,
@ -2220,7 +2217,7 @@ function initTemplateSearch() {
// Parse the response from the api to work with our dropdown
// Parse the response from the api to work with our dropdown
$ . each ( response . data , ( _r , repo ) => {
$ . each ( response . data , ( _r , repo ) => {
filteredResponse . results . push ( {
filteredResponse . results . push ( {
name : htmlEncod e ( repo . full_name ) ,
name : htmlEscap e ( repo . full_name ) ,
value : repo . id
value : repo . id
} ) ;
} ) ;
} ) ;
} ) ;
@ -3500,8 +3497,8 @@ function initIssueList() {
return ;
return ;
}
}
filteredResponse . results . push ( {
filteredResponse . results . push ( {
name : ` # ${ issue . number } ${ htmlEncod e ( issue . title )
} < div class = "text small dont-break-out" > $ { htmlEncod e ( issue . repository . full_name ) } < / d i v > ` ,
name : ` # ${ issue . number } ${ htmlEscap e ( issue . title )
} < div class = "text small dont-break-out" > $ { htmlEscap e ( issue . repository . full_name ) } < / d i v > ` ,
value : issue . id
value : issue . id
} ) ;
} ) ;
} ) ;
} ) ;