Properly sanitize JSON data to fix XSS on Issue details page.

author: Fatih Acet <acetfatih@gmail.com> 2018-08-23 22:53:35 +0200
committer: André Luís <aluis@gitlab.com> 2018-09-11 13:30:36 +0100
commit: 6d360c210d3d822fc266eecc04753481ae4bda70 (patch)
tree: 2884f5d800cd8f26020bcf0913aa78c11bc3a61d /spec/features/issues/issue_detail_spec.rb
parent: c56f2b96159afaf6f1e0831d0e7a756a40568cab (diff)
download: gitlab-ce-6d360c210d3d822fc266eecc04753481ae4bda70.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/features/issues/issue_detail_spec.rb b/spec/features/issues/issue_detail_spec.rb
index 088ab114df3..76bc93e9766 100644
--- a/spec/features/issues/issue_detail_spec.rb
+++ b/spec/features/issues/issue_detail_spec.rb
@@ -18,6 +18,23 @@ describe 'Issue Detail', :js do
     end
   end
 
+  context 'when issue description has xss snippet' do
+    before do
+      issue.update!(description: '![xss" onload=alert(1);//](a)')
+      sign_in(user)
+      visit project_issue_path(project, issue)
+      wait_for_requests
+    end
+
+    it 'should encode the description to prevent xss issues' do
+      page.within('.issuable-details .detail-page-description') do
+        expect(page).to have_selector('img', count: 1)
+        expect(find('img')['onerror']).to be_nil
+        expect(find('img')['src']).to end_with('/a')
+      end
+    end
+  end
+
   context 'when edited by a user who is later deleted' do
     before do
       sign_in(user)
author	Fatih Acet <acetfatih@gmail.com>	2018-08-23 22:53:35 +0200
committer	André Luís <aluis@gitlab.com>	2018-09-11 13:30:36 +0100
commit	6d360c210d3d822fc266eecc04753481ae4bda70 (patch)
tree	2884f5d800cd8f26020bcf0913aa78c11bc3a61d /spec/features/issues/issue_detail_spec.rb
parent	c56f2b96159afaf6f1e0831d0e7a756a40568cab (diff)
download	gitlab-ce-6d360c210d3d822fc266eecc04753481ae4bda70.tar.gz