Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-01 07:28:22 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-01 07:28:28 +0000
commit: 37f194bbc19045abe013a58274494c1a6c8bbdd5 (patch)
tree: 99ae3d2a13d8d5592c8fabc7ed38d5117dbfe163 /spec/frontend
parent: de222caa576cab3d0894c65531f5822f205877d5 (diff)
download: gitlab-ce-37f194bbc19045abe013a58274494c1a6c8bbdd5.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/frontend/gfm_auto_complete_spec.js b/spec/frontend/gfm_auto_complete_spec.js
index aa98b2774ea..552377e3381 100644
--- a/spec/frontend/gfm_auto_complete_spec.js
+++ b/spec/frontend/gfm_auto_complete_spec.js
@@ -868,4 +868,19 @@ describe('GfmAutoComplete', () => {
       );
     });
   });
+
+  describe('Contacts', () => {
+    it('escapes name and email correct', () => {
+      const xssPayload = '<script>alert(1)</script>';
+      const escapedPayload = '&lt;script&gt;alert(1)&lt;/script&gt;';
+
+      expect(
+        GfmAutoComplete.Contacts.templateFunction({
+          email: xssPayload,
+          firstName: xssPayload,
+          lastName: xssPayload,
+        }),
+      ).toBe(`<li><small>${escapedPayload} ${escapedPayload}</small> ${escapedPayload}</li>`);
+    });
+  });
 });
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-01 07:28:22 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-01 07:28:28 +0000
commit	37f194bbc19045abe013a58274494c1a6c8bbdd5 (patch)
tree	99ae3d2a13d8d5592c8fabc7ed38d5117dbfe163 /spec/frontend
parent	de222caa576cab3d0894c65531f5822f205877d5 (diff)
download	gitlab-ce-37f194bbc19045abe013a58274494c1a6c8bbdd5.tar.gz