diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-10 20:36:29 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-10 20:36:29 +0000 |
| commit | 1eef146c2d1de19d4e995d421e5787053e50db80 (patch) | |
| tree | 2761efabea712248557826977a849e31e3fdb961 /spec/frontend | |
| parent | 661d663ab2b7c69977ba8a0db02ef4afc2427e39 (diff) | |
| download | gitlab-ce-1eef146c2d1de19d4e995d421e5787053e50db80.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@14-6-stable-ee
Diffstat (limited to 'spec/frontend')
| -rw-r--r-- | spec/frontend/behaviors/gl_emoji_spec.js | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/frontend/behaviors/gl_emoji_spec.js b/spec/frontend/behaviors/gl_emoji_spec.js index 0f4e2e08dbd..cac1ea67cf5 100644 --- a/spec/frontend/behaviors/gl_emoji_spec.js +++ b/spec/frontend/behaviors/gl_emoji_spec.js @@ -97,6 +97,18 @@ describe('gl_emoji', () => { }); }); + it('escapes gl-emoji name', async () => { + const glEmojiElement = markupToDomElement( + "<gl-emoji data-name='"x="y" onload="alert(document.location.href)"' data-unicode-version='x'>abc</gl-emoji>", + ); + + await waitForPromises(); + + expect(glEmojiElement.outerHTML).toBe( + '<gl-emoji data-name=""x="y" onload="alert(document.location.href)"" data-unicode-version="x"><img class="emoji" title=":"x="y" onload="alert(document.location.href)":" alt=":"x="y" onload="alert(document.location.href)":" src="/-/emojis/2/grey_question.png" width="20" height="20" align="absmiddle"></gl-emoji>', + ); + }); + it('Adds sprite CSS if emojis are not supported', async () => { const testPath = '/test-path.css'; jest.spyOn(EmojiUnicodeSupport, 'default').mockReturnValue(false); |