Commit 6c199005 authored by Ezekiel Kigbo's avatar Ezekiel Kigbo Committed by Fatih Acet

Fix username escaping when clicking 'assign to me'

Add spec for assigning user with apostrophe in name
parent b64e261b
......@@ -93,23 +93,22 @@ function UsersSelect(currentUser, els, options = {}) {
}
// Save current selected user to the DOM
const input = document.createElement('input');
input.type = 'hidden';
input.name = $dropdown.data('fieldName');
const currentUserInfo = $dropdown.data('currentUserInfo');
if (currentUserInfo) {
input.value = currentUserInfo.id;
input.dataset.meta = _.escape(currentUserInfo.name);
} else if (_this.currentUser) {
input.value = _this.currentUser.id;
}
const currentUserInfo = $dropdown.data('currentUserInfo') || {};
const currentUser = _this.currentUser || {};
const fieldName = $dropdown.data('fieldName');
const userName = currentUserInfo.name;
const userId = currentUserInfo.id || currentUser.id;
const inputHtmlString = _.template(`
<input type="hidden" name="<%- fieldName %>"
data-meta="<%- userName %>"
value="<%- userId %>" />
`)({ fieldName, userName, userId });
if ($selectbox) {
$dropdown.parent().before(input);
$dropdown.parent().before(inputHtmlString);
} else {
$dropdown.after(input);
$dropdown.after(inputHtmlString);
}
};
......
---
title: Fix username escaping when using assign to me for issues
merge_request: 24673
author:
type: fixed
......@@ -93,4 +93,22 @@ describe "User creates issue" do
end
end
end
context "when signed in as user with special characters in their name" do
let(:user_special) { create(:user, name: "Jon O'Shea") }
before do
project.add_developer(user_special)
sign_in(user_special)
visit(new_project_issue_path(project))
end
it "will correctly escape user names with an apostrophe when clicking 'Assign to me'", :js do
first('.assign-to-me-link').click
expect(page).to have_content(user_special.name)
expect(page.find('input[name="issue[assignee_ids][]"]', visible: false)['data-meta']).to eq(user_special.name)
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment