Use only escaped auto_link

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
gitlabhq · Oct 6, 2014 · 2991149 · 2991149
1 parent 90c96d1
commit 2991149
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -259,4 +259,8 @@ def link_to(name = nil, options = nil, html_options = nil, &block)
 
     super
   end
+
+  def escaped_autolink(text)
+    auto_link ERB::Util.html_escape(text), link: :urls
+  end
 end
diff --git a/app/views/groups/show.html.haml b/app/views/groups/show.html.haml
@@ -24,7 +24,7 @@
           = @group.name
         - if @group.description.present?
           %p
-            = auto_link @group.description, link: :urls
+            = escaped_autolink(@group.description)
     = render "projects", projects: @projects
     - if current_user
       .prepend-top-20

diff --git a/app/views/projects/_home_panel.html.haml b/app/views/projects/_home_panel.html.haml
@@ -3,7 +3,7 @@
   .project-home-row
     .project-home-desc
       - if @project.description.present?
-        = auto_link ERB::Util.html_escape(@project.description), link: :urls
+        = escaped_autolink(@project.description)
       - if can?(current_user, :admin_project, @project)
         &ndash;
         = link_to 'Edit', edit_project_path