diff options
author | Robert Speicher <robert@gitlab.com> | 2017-02-13 22:42:46 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2017-02-15 10:42:13 -0500 |
commit | dd944bf14f4a0fd555db32d5833325fa459d9565 (patch) | |
tree | 7822980b0076e2b116933bd1732d31c3e9d160e7 /spec/factories | |
parent | 7e1f7a02dbe3ebb6688005a4d966670bea12beb1 (diff) | |
download | gitlab-ce-dd944bf14f4a0fd555db32d5833325fa459d9565.tar.gz |
Merge branch 'svg-xss-fix' into 'security'
Fix for XSS vulnerability in SVG attachments
See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2059
Diffstat (limited to 'spec/factories')
-rw-r--r-- | spec/factories/notes.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/spec/factories/notes.rb b/spec/factories/notes.rb index a21da7074f9..5c50cd7f4ad 100644 --- a/spec/factories/notes.rb +++ b/spec/factories/notes.rb @@ -97,7 +97,11 @@ FactoryGirl.define do end trait :with_attachment do - attachment { fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "`/png") } + attachment { fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png") } + end + + trait :with_svg_attachment do + attachment { fixture_file_upload(Rails.root + "spec/fixtures/unsanitized.svg", "image/svg+xml") } end end end |