From: Go MAEDA <maeda@farend.jp>
Date: Fri, 19 Mar 2021 04:42:43 +0000 (+0000)
Subject: Sanitize HTML tags in wiki page names (#33820).
X-Git-Tag: 4.2.0~28
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=a18b8397ffb64a34b2db191a9161095bc317450b;p=redmine.git

Sanitize HTML tags in wiki page names (#33820).


git-svn-id: http://svn.redmine.org/redmine/trunk@20829 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 0467d97db..431d67ae3 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -1187,6 +1187,9 @@ function inlineAutoComplete(element) {
           selectTemplate: function (wikiPage) {
             return '[[' + wikiPage.original.value + ']]';
           },
+          menuItemTemplate: function (wikiPage) {
+            return sanitizeHTML(wikiPage.original.label);
+          },
           noMatchTemplate: function () {
             return '<span style:"visibility: hidden;"></span>';
           }