Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-29 14:14:01 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-29 14:14:01 +0000
commit: a5baa12bfff6c41f6c9cf156edcf8e621f71848e (patch)
tree: 1a7f51da1300bca04a1bd070f12e66bc4955c832 /spec/frontend
parent: bb51b8a098aa17b226d1e7941218512f8c835e08 (diff)
download: gitlab-ce-a5baa12bfff6c41f6c9cf156edcf8e621f71848e.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/frontend/projects/settings/access_dropdown_spec.js b/spec/frontend/projects/settings/access_dropdown_spec.js
index 65b01172e7e..d51360a7597 100644
--- a/spec/frontend/projects/settings/access_dropdown_spec.js
+++ b/spec/frontend/projects/settings/access_dropdown_spec.js
@@ -159,4 +159,21 @@ describe('AccessDropdown', () => {
       expect(template).not.toContain(user.name);
     });
   });
+
+  describe('deployKeyRowHtml', () => {
+    const deployKey = {
+      id: 1,
+      title: 'title <script>alert(document.domain)</script>',
+      fullname: 'fullname <script>alert(document.domain)</script>',
+      avatar_url: '',
+      username: '',
+    };
+
+    it('escapes deploy key title and fullname', () => {
+      const template = dropdown.deployKeyRowHtml(deployKey);
+
+      expect(template).not.toContain(deployKey.title);
+      expect(template).not.toContain(deployKey.fullname);
+    });
+  });
 });
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-29 14:14:01 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-29 14:14:01 +0000
commit	a5baa12bfff6c41f6c9cf156edcf8e621f71848e (patch)
tree	1a7f51da1300bca04a1bd070f12e66bc4955c832 /spec/frontend
parent	bb51b8a098aa17b226d1e7941218512f8c835e08 (diff)
download	gitlab-ce-a5baa12bfff6c41f6c9cf156edcf8e621f71848e.tar.gz