diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 13:48:43 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 13:48:43 +0000 |
commit | 00ed89bc218dc88eae9a4e8de1ce5813729ebfdc (patch) | |
tree | 789519e95d46b536ea01292ae58945f2ded55277 /spec/frontend/monitoring | |
parent | 37caeffc694e7b6b937eb8c0043ca1f14625c196 (diff) | |
download | gitlab-ce-00ed89bc218dc88eae9a4e8de1ce5813729ebfdc.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee
Diffstat (limited to 'spec/frontend/monitoring')
-rw-r--r-- | spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js b/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js index 216ec345552..8ab7c8b9e50 100644 --- a/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js +++ b/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js @@ -3,9 +3,17 @@ import DuplicateDashboardForm from '~/monitoring/components/duplicate_dashboard_ import { dashboardGitResponse } from '../mock_data'; -describe('DuplicateDashboardForm', () => { - let wrapper; +let wrapper; + +const createMountedWrapper = (props = {}) => { + // Use `mount` to render native input elements + wrapper = mount(DuplicateDashboardForm, { + propsData: { ...props }, + sync: false, + }); +}; +describe('DuplicateDashboardForm', () => { const defaultBranch = 'master'; const findByRef = ref => wrapper.find({ ref }); @@ -20,14 +28,7 @@ describe('DuplicateDashboardForm', () => { }; beforeEach(() => { - // Use `mount` to render native input elements - wrapper = mount(DuplicateDashboardForm, { - propsData: { - dashboard: dashboardGitResponse[0], - defaultBranch, - }, - sync: false, - }); + createMountedWrapper({ dashboard: dashboardGitResponse[0], defaultBranch }); }); it('renders correctly', () => { @@ -146,3 +147,18 @@ describe('DuplicateDashboardForm', () => { }); }); }); + +describe('DuplicateDashboardForm escapes elements', () => { + const branchToEscape = "<img/src='x'onerror=alert(document.domain)>"; + + beforeEach(() => { + createMountedWrapper({ dashboard: dashboardGitResponse[0], defaultBranch: branchToEscape }); + }); + + it('should escape branch name data', () => { + const branchOptionHtml = wrapper.vm.branchOptions[0].html; + const escapedBranch = '<img/src='x'onerror=alert(document.domain)>'; + + expect(branchOptionHtml).toEqual(expect.stringContaining(escapedBranch)); + }); +}); |