Sanitize default branch name in repo settings (!67567) · Merge requests · GitLab.org / GitLab

Dheeraj Joshi requested to merge djadmin-security-sanitize-default-branch-names into master Aug 05, 2021

What does this MR do?

This add defense-in-depth security improvement for default branch name values. This is done by adding validation to sanitize javascript tags from the input before saving it to the DB. This change affects

Group's repo settings
Admin's repo settings

Why?

This is done to prevent issues like #336460 (closed).

Screenshot / Demo

demo_sanitize_default_branch_name

Sanitize default branch name in repo settings

What does this MR do?

Why?

Screenshot / Demo

Related links

Merge request reports