authorGitLab Bot <gitlab-bot@gitlab.com>2020-05-26 13:48:43 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-05-26 13:48:43 +0000
commit00ed89bc218dc88eae9a4e8de1ce5813729ebfdc (patch)
tree789519e95d46b536ea01292ae58945f2ded55277 /spec/frontend/monitoring
parent37caeffc694e7b6b937eb8c0043ca1f14625c196 (diff)
downloadgitlab-ce-00ed89bc218dc88eae9a4e8de1ce5813729ebfdc.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee
Diffstat (limited to 'spec/frontend/monitoring')
-rw-r--r--spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js36
1 files changed, 26 insertions, 10 deletions
diff --git a/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js b/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js
index 216ec345552..8ab7c8b9e50 100644
--- a/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js
+++ b/spec/frontend/monitoring/components/duplicate_dashboard_form_spec.js
@@ -3,9 +3,17 @@ import DuplicateDashboardForm from '~/monitoring/components/duplicate_dashboard_
import { dashboardGitResponse } from '../mock_data';
-describe('DuplicateDashboardForm', () => {
- let wrapper;
+let wrapper;
+
+const createMountedWrapper = (props = {}) => {
+ // Use `mount` to render native input elements
+ wrapper = mount(DuplicateDashboardForm, {
+ propsData: { ...props },
+ sync: false,
+ });
+};
+describe('DuplicateDashboardForm', () => {
const defaultBranch = 'master';
const findByRef = ref => wrapper.find({ ref });
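Review bot: Hoisting `wrapper` to file scope makes it shared mutable state for every `describe` in this spec, and `createMountedWrapper` overwrites it without destroying the previous mount. The new `describe('DuplicateDashboardForm escapes elements', ...)` block in the last hunk has no teardown, so its mounted component is never destroyed; add `afterEach(() => { wrapper.destroy(); });` there (the first block's teardown, if any, lies outside the visible hunks). `propsData: { ...props }` could also be written as `propsData: props`, since the spread copy adds nothing here.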
@@ -20,14 +28,7 @@ describe('DuplicateDashboardForm', () => {
};
beforeEach(() => {
- // Use `mount` to render native input elements
- wrapper = mount(DuplicateDashboardForm, {
- propsData: {
- dashboard: dashboardGitResponse[0],
- defaultBranch,
- },
- sync: false,
- });
+ createMountedWrapper({ dashboard: dashboardGitResponse[0], defaultBranch });
});
it('renders correctly', () => {
@@ -146,3 +147,18 @@ describe('DuplicateDashboardForm', () => {
});
});
});
+
+describe('DuplicateDashboardForm escapes elements', () => {
+ const branchToEscape = "<img/src='x'onerror=alert(document.domain)>";
+
+ beforeEach(() => {
+ createMountedWrapper({ dashboard: dashboardGitResponse[0], defaultBranch: branchToEscape });
+ });
+
+ it('should escape branch name data', () => {
+ const branchOptionHtml = wrapper.vm.branchOptions[0].html;
+ const escapedBranch = '&lt;img/src=&#39;x&#39;onerror=alert(document.domain)&gt';
+
+ expect(branchOptionHtml).toEqual(expect.stringContaining(escapedBranch));
+ });
+});
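Review bot: The assertion in `should escape branch name data` only proves that the escaped form appears somewhere in `branchOptions[0].html`; it would still pass if the same string also carried an unescaped copy of the branch name. Adding `expect(branchOptionHtml).not.toContain(branchToEscape);` pins the property this regression test is meant to guard. The expected string also ends in `&gt` without the semicolon, which `stringContaining` tolerates, so `escapedBranch` should end with `&gt;` to match the whole entity. The test reads the component's `branchOptions` value rather than the rendered DOM, so it presumably relies on that `html` field being exactly what is inserted into the page, which is worth stating in a comment above the `it`.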