diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-11 15:08:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-11 15:08:44 +0000 |
commit | bcc77054ee9aefd1e332e04a4189390fd5a3112e (patch) | |
tree | e6e1908c310e4733038794e932196cae0d66ba9a /spec/features/issues/issue_detail_spec.rb | |
parent | 05b5c609cb8c260b10c2eb1b92b711dc82d32c3f (diff) | |
download | gitlab-ce-bcc77054ee9aefd1e332e04a4189390fd5a3112e.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/features/issues/issue_detail_spec.rb')
-rw-r--r-- | spec/features/issues/issue_detail_spec.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/spec/features/issues/issue_detail_spec.rb b/spec/features/issues/issue_detail_spec.rb index a1b53718577..0d24b02a64c 100644 --- a/spec/features/issues/issue_detail_spec.rb +++ b/spec/features/issues/issue_detail_spec.rb @@ -23,16 +23,18 @@ describe 'Issue Detail', :js do context 'when issue description has xss snippet' do before do issue.update!(description: '![xss" onload=alert(1);//](a)') + sign_in(user) visit project_issue_path(project, issue) - wait_for_requests end it 'encodes the description to prevent xss issues' do page.within('.issuable-details .detail-page-description') do + image = find('img.js-lazy-loaded') + expect(page).to have_selector('img', count: 1) - expect(find('img')['onerror']).to be_nil - expect(find('img')['src']).to end_with('/a') + expect(image['onerror']).to be_nil + expect(image['src']).to end_with('/a') end end end |