diff options
author | kushalpandya <kushal@gitlab.com> | 2017-05-15 14:34:02 +0530 |
---|---|---|
committer | kushalpandya <kushal@gitlab.com> | 2017-05-15 14:34:02 +0530 |
commit | f4b463e5d75d1f952306515a20ee90656e800889 (patch) | |
tree | 0a9f57a4c66326e6ca283d4821b96fd1b48f6a0c | |
parent | 8f9f61faa0dedaf6d00d982d089d4c86be31a8f4 (diff) | |
download | gitlab-ce-32016-escape-instant-comments-and-slash-commands.tar.gz |
Update tests for slash commands32016-escape-instant-comments-and-slash-commands
-rw-r--r-- | spec/javascripts/notes_spec.js | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/spec/javascripts/notes_spec.js b/spec/javascripts/notes_spec.js index 2070aa3a78c..8243a9c991a 100644 --- a/spec/javascripts/notes_spec.js +++ b/spec/javascripts/notes_spec.js @@ -377,7 +377,7 @@ import '~/notes'; }); it('should return true when comment begins with a slash command', () => { - const sampleComment = '/wip \n/milestone %1.0 \n/merge \n/unassign Merging this'; + const sampleComment = '/wip\n/milestone %1.0\n/merge\n/unassign Merging this'; const hasSlashCommands = this.notes.hasSlashCommands(sampleComment); expect(hasSlashCommands).toBeTruthy(); @@ -401,7 +401,7 @@ import '~/notes'; describe('stripSlashCommands', () => { it('should strip slash commands from the comment which begins with a slash command', () => { this.notes = new Notes(); - const sampleComment = '/wip \n/milestone %1.0 \n/merge \n/unassign Merging this'; + const sampleComment = '/wip\n/milestone %1.0\n/merge\n/unassign Merging this'; const stripedComment = this.notes.stripSlashCommands(sampleComment); expect(stripedComment).toBe(''); @@ -409,7 +409,7 @@ import '~/notes'; it('should strip slash commands from the comment but leaves plain comment if it is present', () => { this.notes = new Notes(); - const sampleComment = '/wip \n/milestone %1.0 \n/merge \n/unassign \nMerging this'; + const sampleComment = '/wip\n/milestone %1.0\n/merge\n/unassign\nMerging this'; const stripedComment = this.notes.stripSlashCommands(sampleComment); expect(stripedComment).toBe('Merging this'); @@ -432,12 +432,25 @@ import '~/notes'; beforeEach(() => { this.notes = new Notes('', []); + spyOn(_, 'escape').and.callFake((comment) => { + const escapedString = comment.replace(/["&'<>]/g, (a) => { + const escapedToken = { + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''', + '`': '`' + }[a]; + + return escapedToken; + }); + + return escapedString; + }); }); it('should return constructed placeholder element for regular note based on form contents', () => { - spyOn(_, 'escape').and.callFake((comment) => { - return comment; - }); const $tempNote = this.notes.createPlaceholderNote({ formContent: sampleComment, uniqueId, @@ -447,7 +460,6 @@ import '~/notes'; }); const $tempNoteHeader = $tempNote.find('.note-header'); - expect(_.escape).toHaveBeenCalledWith(sampleComment); expect($tempNote.prop('nodeName')).toEqual('LI'); expect($tempNote.attr('id')).toEqual(uniqueId); $tempNote.find('.timeline-icon > a, .note-header-info > a').each(function() { @@ -459,6 +471,20 @@ import '~/notes'; expect($tempNote.find('.note-body .note-text p').text().trim()).toEqual(sampleComment); }); + it('should escape HTML characters from note based on form contents', () => { + const commentWithHtml = '<script>alert("Boom!");</script>'; + const $tempNote = this.notes.createPlaceholderNote({ + formContent: commentWithHtml, + uniqueId, + isDiscussionNote: false, + currentUsername, + currentUserFullname + }); + + expect(_.escape).toHaveBeenCalledWith(commentWithHtml); + expect($tempNote.find('.note-body .note-text p').html()).toEqual('<script>alert("Boom!");</script>'); + }); + it('should return constructed placeholder element for discussion note based on form contents', () => { const $tempNote = this.notes.createPlaceholderNote({ formContent: sampleComment, |