authorRobert Speicher <robert@gitlab.com>2016-08-18 22:59:19 +0000
committerRobert Speicher <rspeicher@gmail.com>2016-08-19 13:43:23 -0500
commit8b21b00fadfb43b23a7a6f460e19b6064470159c (patch)
treecbc46a74879bb87f42e5990d6bea273baed44c8e
parentea71c20d7f60641466c5928d6a22ddab6c739722 (diff)
downloadgitlab-ce-8b21b00fadfb43b23a7a6f460e19b6064470159c.tar.gz
Merge branch 'rs-issue-21017' into 'master'
Update Hamlit to 2.6.1
Fixes gitlab-org/gitlab-ce#21025 and gitlab-org/gitlab-ce#21017
See merge request !5873
(cherry picked from commit e26ce27d5bac302785086d426e7b1a4c5b33f74a)
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock4
-rw-r--r--spec/helpers/page_layout_helper_spec.rb9
-rw-r--r--spec/views/layouts/_head.html.haml_spec.rb36
4 files changed, 48 insertions, 3 deletions
diff --git a/Gemfile b/Gemfile
index 4bd383540e0..6bd48acef36 100644
--- a/Gemfile
+++ b/Gemfile
@@ -76,7 +76,7 @@ gem 'rack-cors', '~> 0.4.0', require: 'rack/cors'
gem 'kaminari', '~> 0.17.0'
# HAML
-gem 'hamlit', '~> 2.5'
+gem 'hamlit', '~> 2.6.1'
# Files attachments
gem 'carrierwave', '~> 0.10.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index d71d446186e..a5eddd17b27 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -317,7 +317,7 @@ GEM
grape-entity (0.4.8)
activesupport
multi_json (>= 1.3.2)
- hamlit (2.5.0)
+ hamlit (2.6.1)
temple (~> 0.7.6)
thor
tilt
@@ -869,7 +869,7 @@ DEPENDENCIES
gon (~> 6.0.1)
grape (~> 0.13.0)
grape-entity (~> 0.4.2)
- hamlit (~> 2.5)
+ hamlit (~> 2.6.1)
health_check (~> 2.1.0)
hipchat (~> 1.5.0)
html-pipeline (~> 1.11.0)
diff --git a/spec/helpers/page_layout_helper_spec.rb b/spec/helpers/page_layout_helper_spec.rb
index cf632f594c7..dc07657e101 100644
--- a/spec/helpers/page_layout_helper_spec.rb
+++ b/spec/helpers/page_layout_helper_spec.rb
@@ -97,5 +97,14 @@ describe PageLayoutHelper do
expect(tags).to include %q(<meta property="twitter:data1" content="bar" />)
end
end
+
+ it 'escapes content' do
+ allow(helper).to receive(:page_card_attributes)
+ .and_return(foo: %q{foo" http-equiv="refresh}.html_safe)
+
+ tags = helper.page_card_meta_tags
+
+ expect(tags).to include(%q{content="foo&quot; http-equiv=&quot;refresh"})
+ end
end
end
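Review bot: The example name `'escapes content'` and the stubbed value do not say why the input is marked `.html_safe`, which is the point of the case. A string already flagged as safe must still be escaped inside the attribute, or the embedded quote closes `content="` and adds an `http-equiv` attribute to the tag. I would add `# html_safe input must still be escaped inside the attribute value` above the `allow` line and rename the example to `'escapes HTML-safe content'`, matching the naming used in the view spec added by this commit. Only the hash value carries the quote here; if `page_card_meta_tags` also emits the key (the helper body is outside this hunk, so this needs confirming), a second case with a quote in the key would cover that side.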
diff --git a/spec/views/layouts/_head.html.haml_spec.rb b/spec/views/layouts/_head.html.haml_spec.rb
new file mode 100644
index 00000000000..3fddfb3b62f
--- /dev/null
+++ b/spec/views/layouts/_head.html.haml_spec.rb
@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe 'layouts/_head' do
+ before do
+ stub_template 'layouts/_user_styles.html.haml' => ''
+ end
+
+ it 'escapes HTML-safe strings in page_title' do
+ stub_helper_with_safe_string(:page_title)
+
+ render
+
+ expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+ end
+
+ it 'escapes HTML-safe strings in page_description' do
+ stub_helper_with_safe_string(:page_description)
+
+ render
+
+ expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+ end
+
+ it 'escapes HTML-safe strings in page_image' do
+ stub_helper_with_safe_string(:page_image)
+
+ render
+
+ expect(rendered).to match(%{content="foo&quot; http-equiv=&quot;refresh"})
+ end
+
+ def stub_helper_with_safe_string(method)
+ allow_any_instance_of(PageLayoutHelper).to receive(method)
+ .and_return(%q{foo" http-equiv="refresh}.html_safe)
+ end
+end
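Review bot: Each of the three examples asserts only that the escaped form appears somewhere in `rendered`, so they still pass if the same helper value is emitted a second time unescaped elsewhere in the head. The template is not visible in this diff, so whether it does that is an assumption to check. Adding `expect(rendered).not_to include(%q{foo" http-equiv})` after each positive expectation would pin the property that actually matters, namely that the raw quote never reaches the output. As a smaller style point, `match(%{...})` treats the string as a regular expression; `include(%q{...})`, as used in `page_layout_helper_spec.rb`, states the literal comparison directly and keeps the two specs consistent.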