summaryrefslogtreecommitdiff
path: root/qa
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 17:19:54 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 17:19:54 +0000
commit2ac1cf8af3050860c57933995cefd1e5cf1767de (patch)
treed4ed2f491da63e33fc16631d2be01b84c6235b41 /qa
parentd8bf49ba281a48fe6d44659bedf13cfebb3101d1 (diff)
downloadgitlab-ce-2ac1cf8af3050860c57933995cefd1e5cf1767de.tar.gz
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'qa')
-rw-r--r--qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb35
1 files changed, 16 insertions, 19 deletions
diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
index 784f474a7d5..ec88042673c 100644
--- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
+++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
@@ -2,35 +2,32 @@
module QA
RSpec.describe 'Plan', :reliable do
- describe 'check xss occurence in @mentions in issues', :requires_admin do
- it 'mentions a user in a comment' do
- QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
-
- unless QA::Runtime::Env.personal_access_token
- Flow::Login.sign_in_as_admin
- end
-
- user = Resource::User.fabricate_via_api! do |user|
- user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
- user.password = "test1234"
- end
-
- QA::Runtime::Env.personal_access_token = nil
+ let!(:user) do
+ Resource::User.fabricate_via_api! do |user|
+ user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
+ user.password = "test1234"
+ user.api_client = Runtime::API::Client.as_admin
+ end
+ end
- Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
+ let!(:project) do
+ Resource::Project.fabricate_via_api! do |project|
+ project.name = 'xss-test-for-mentions-project'
+ end
+ end
+ describe 'check xss occurence in @mentions in issues', :requires_admin do
+ before do
Flow::Login.sign_in
- project = Resource::Project.fabricate_via_api! do |project|
- project.name = 'xss-test-for-mentions-project'
- end
-
Flow::Project.add_member(project: project, username: user.username)
Resource::Issue.fabricate_via_api! do |issue|
issue.project = project
end.visit!
+ end
+ it 'mentions a user in a comment' do
Page::Project::Issue::Show.perform do |show|
show.select_all_activities_filter
show.comment("cc-ing you here @#{user.username}")
View Lorry Controller Status