author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-31 00:04:18 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-31 00:04:18 +0000 |
commit | 386b6dbcda5bb479ff0a6038d5dcf188bcd878b8 (patch) | |
tree | bf9f655c2546eed57ee03aee07317abf9399cca5 /spec/features/refactor_blob_viewer_disabled/projects/blobs/blob_show_spec.rb | |
parent | f5ed5550433a5fedd128542680a94a2c9407919e (diff) | |
download | gitlab-ce-386b6dbcda5bb479ff0a6038d5dcf188bcd878b8.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-9-stable-ee
Diffstat (limited to 'spec/features/refactor_blob_viewer_disabled/projects/blobs/blob_show_spec.rb')
-rw-r--r-- | spec/features/refactor_blob_viewer_disabled/projects/blobs/blob_show_spec.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/features/refactor_blob_viewer_disabled/projects/blobs/blob_show_spec.rb b/spec/features/refactor_blob_viewer_disabled/projects/blobs/blob_show_spec.rb
index 659014c922b..5574b4da383 100644
--- a/spec/features/refactor_blob_viewer_disabled/projects/blobs/blob_show_spec.rb
+++ b/spec/features/refactor_blob_viewer_disabled/projects/blobs/blob_show_spec.rb
@@ -1050,6 +1050,53 @@ RSpec.describe 'File blob', :js do
 end
 end
 end
+
+ context 'openapi.yml' do
+ before do
+ file_name = 'openapi.yml'
+
+ create_file(file_name, '
+ swagger: \'2.0\'
+ info:
+ title: Classic API Resource Documentation
+ description: |
+ <div class="foo-bar" style="background-color: red;" data-foo-bar="baz">
+ <h1>Swagger API documentation</h1>
+ </div>
+ version: production
+ basePath: /JSSResource/
+ produces:
+ - application/xml
+ - application/json
+ consumes:
+ - application/xml
+ - application/json
+ security:
+ - basicAuth: []
+ paths:
+ /accounts:
+ get:
+ responses:
+ \'200\':
+ description: No response was specified
+ tags:
+ - accounts
+ operationId: findAccounts
+ summary: Finds all accounts
+ ')
+ visit_blob(file_name, useUnsafeMarkdown: '1')
+ click_button('Display rendered file')
+
+ wait_for_requests
+ end
+
+ it 'removes `style`, `class`, and `data-*`` attributes from HTML' do
+ expect(page).to have_css('h1', text: 'Swagger API documentation')
+ expect(page).not_to have_css('.foo-bar')
+ expect(page).not_to have_css('[style="background-color: red;"]')
+ expect(page).not_to have_css('[data-foo-bar="baz"]')
+ end
+ end
 end
 context 'realtime pipelines' do |
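Review bot: The `style` and `data-foo-bar` assertions in the added `it` block match on the exact attribute value, so they would still pass if the sanitizer re-serialised or altered the value instead of removing the attribute. Matching on presence pins the sanitisation more tightly, e.g. `expect(page).not_to have_css('[data-foo-bar]')` and `expect(page).not_to have_css('[style*="background-color"]')`. The style check should be wrapped in `within` on the rendered viewer container, because unrelated page elements may carry inline styles. The example name also has a doubled closing backtick after data-*. The enclosing `RSpec.describe` block starts outside the hunk.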