author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 09:08:42 +0000 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 09:08:42 +0000 |
commit | b76ae638462ab0f673e5915986070518dd3f9ad3 (patch) | |
tree | bdab0533383b52873be0ec0eb4d3c66598ff8b91 /spec/frontend/integrations/edit/components/dynamic_field_spec.js | |
parent | 434373eabe7b4be9593d18a585fb763f1e5f1a6f (diff) | |
download | gitlab-ce-b76ae638462ab0f673e5915986070518dd3f9ad3.tar.gz |
Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42
Diffstat (limited to 'spec/frontend/integrations/edit/components/dynamic_field_spec.js')
-rw-r--r-- | spec/frontend/integrations/edit/components/dynamic_field_spec.js | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/spec/frontend/integrations/edit/components/dynamic_field_spec.js b/spec/frontend/integrations/edit/components/dynamic_field_spec.js index 8784b3c2b00..da8a2f41c1b 100644 --- a/spec/frontend/integrations/edit/components/dynamic_field_spec.js +++ b/spec/frontend/integrations/edit/components/dynamic_field_spec.js @@ -182,6 +182,19 @@ describe('DynamicField', () => { expect(findGlFormGroup().find('small').html()).toContain(helpHTML); }); + + it('strips unsafe HTML from the help text', () => { + const helpHTML = + '[<code>1</code> <iframe>2</iframe> <a href="javascript:alert(document.cookie)">3</a> <a href="foo" target="_blank">4</a>]'; + + createComponent({ + help: helpHTML, + }); + + expect(findGlFormGroup().find('small').html()).toContain( + '[<code>1</code> <a>3</a> <a target="_blank" href="foo">4</a>]', + ); + }); }); describe('label text', () => { |
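Review bot: The expected string in the new `toContain` assertion pins the serialized attribute order (`target="_blank" href="foo"`, the reverse of the input's `href="foo" target="_blank"`), which is a detail of the sanitizer's serializer rather than the behaviour under test, so the assertion is likely to break on an unrelated library upgrade while still passing for an unsafe output in a different order. A more robust check would locate the anchors inside `findGlFormGroup().find('small')` and assert on them individually, e.g. `expect(small.find('iframe').exists()).toBe(false)` and `expect(small.findAll('a').at(0).attributes('href')).toBeUndefined()`, with the `target`/`href` pair checked via `attributes()` rather than string position. The fixture also only exercises an unsafe tag and an unsafe URL scheme; one more entry with an inline event-handler attribute would make the test a better regression guard for the sanitizer, and the expected output retaining `target="_blank"` with no `rel` attribute should be confirmed as intentional rather than locked in by accident. The enclosing `describe` block starts before this hunk and the file continues after it.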