diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-31 11:39:05 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-31 11:39:05 +0000 |
| commit | 63a19a71aedcafe0148912c536a36768ed126533 (patch) | |
| tree | ba59e27aa4138be3081c36918d18a717736eebf9 /spec/frontend | |
| parent | 66ae38874a7a300887a2821354c079ae8aa69c26 (diff) | |
| download | gitlab-ce-63a19a71aedcafe0148912c536a36768ed126533.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@13-12-stable-ee
Diffstat (limited to 'spec/frontend')
| -rw-r--r-- | spec/frontend/notebook/cells/markdown_spec.js | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/spec/frontend/notebook/cells/markdown_spec.js b/spec/frontend/notebook/cells/markdown_spec.js index d250ffed1a9..deeee5d6589 100644 --- a/spec/frontend/notebook/cells/markdown_spec.js +++ b/spec/frontend/notebook/cells/markdown_spec.js @@ -39,7 +39,7 @@ describe('Markdown component', () => { expect(vm.$el.querySelector('.markdown h1')).not.toBeNull(); }); - it('sanitizes output', async () => { + it('sanitizes Markdown output', async () => { Object.assign(cell, { source: [ '[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+Cg==)\n', @@ -50,6 +50,17 @@ describe('Markdown component', () => { expect(vm.$el.querySelector('a').getAttribute('href')).toBeNull(); }); + it('sanitizes HTML', async () => { + const findLink = () => vm.$el.querySelector('.xss-link'); + Object.assign(cell, { + source: ['<a href="test.js" data-remote=true data-type="script" class="xss-link">XSS</a>\n'], + }); + + await vm.$nextTick(); + expect(findLink().getAttribute('data-remote')).toBe(null); + expect(findLink().getAttribute('data-type')).toBe(null); + }); + describe('tables', () => { beforeEach(() => { json = getJSONFixture('blob/notebook/markdown-table.json'); |