Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42

1 files changed, 13 insertions, 0 deletions

diff --git a/spec/frontend/integrations/edit/components/dynamic_field_spec.js b/spec/frontend/integrations/edit/components/dynamic_field_spec.js
index 8784b3c2b00..da8a2f41c1b 100644
--- a/spec/frontend/integrations/edit/components/dynamic_field_spec.js
+++ b/spec/frontend/integrations/edit/components/dynamic_field_spec.js
@@ -182,6 +182,19 @@ describe('DynamicField', () => {
 
         expect(findGlFormGroup().find('small').html()).toContain(helpHTML);
       });
+
+      it('strips unsafe HTML from the help text', () => {
+        const helpHTML =
+          '[<code>1</code> <iframe>2</iframe> <a href="javascript:alert(document.cookie)">3</a> <a href="foo" target="_blank">4</a>]';
+
+        createComponent({
+          help: helpHTML,
+        });
+
+        expect(findGlFormGroup().find('small').html()).toContain(
+          '[<code>1</code>  <a>3</a> <a target="_blank" href="foo">4</a>]',
+        );
+      });
     });
 
     describe('label text', () => {