A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.
To support this, we need to change all `:javascript` HAML filters to the
following form:
```
= javascript_tag nonce: true do
:plain
...
```
We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.
- Compare versions header is full width except in the unified diff mode
with no tree sidebar
- Bar is always full width, but the content within stays centered when
unified and no tree sidebar
- File header is the same height as the "Compare versions header"
- aligns with the design system grid guidelines => 56px
- Diff file headers use a button group, switch icon order to open file
externally being the last option, all buttons will become icon buttons
(icon delivery by @dimitrieh)
- If a file header becomes sticky no rounded corner/double border
problem is visible anymore
- Add an ID to the diff content
- handle clicking on file name in diffFileHeader when it is not a link
to another page but rather a link to an element on the page
Does following enhancements to `convertObjectPropsToCamelCase` helper;
- Adds support for `dropKeys` within options param
to discard properties.
- Adds support for `allowKeys` within options param
to skip converting property names.
This file tree displays all the diff files in a tree like format
Each file is taken and converted into a tree with folders
Each folder can be toggled open & closed
Clicking a file will scroll to the diff file & highlight with a glow affect
Searching the tree list will search only files & return a list of the
files without any folders
Each file row contains an icon to show changed, new file or deleted
Each row will also contain the added & removed lines count
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14249
GitLab Bot
Kushal Pandya
Stan Hu
Paul Slaughter
Martin Hanzel
Lukas Eipert
Justin Boyson
Rajat Jain
Sam Bigelow
Filipa Lacerda
Winnie Hellmann
Constance Okoghenun
Adriel Santiago
André Luís
Thomas Pathier
Phil Hughes
Johann Hubert Sonntagbauer
Tim Zallmann
Simon Knox
Kushal Pandya