summaryrefslogtreecommitdiff
path: root/spec/frontend
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2022-06-01 07:28:22 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-06-01 07:28:28 +0000
commit37f194bbc19045abe013a58274494c1a6c8bbdd5 (patch)
tree99ae3d2a13d8d5592c8fabc7ed38d5117dbfe163 /spec/frontend
parentde222caa576cab3d0894c65531f5822f205877d5 (diff)
downloadgitlab-ce-37f194bbc19045abe013a58274494c1a6c8bbdd5.tar.gz
Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee
Diffstat (limited to 'spec/frontend')
-rw-r--r--spec/frontend/gfm_auto_complete_spec.js15
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/frontend/gfm_auto_complete_spec.js b/spec/frontend/gfm_auto_complete_spec.js
index aa98b2774ea..552377e3381 100644
--- a/spec/frontend/gfm_auto_complete_spec.js
+++ b/spec/frontend/gfm_auto_complete_spec.js
@@ -868,4 +868,19 @@ describe('GfmAutoComplete', () => {
);
});
});
+
+ describe('Contacts', () => {
+ it('escapes name and email correct', () => {
+ const xssPayload = '<script>alert(1)</script>';
+ const escapedPayload = '&lt;script&gt;alert(1)&lt;/script&gt;';
+
+ expect(
+ GfmAutoComplete.Contacts.templateFunction({
+ email: xssPayload,
+ firstName: xssPayload,
+ lastName: xssPayload,
+ }),
+ ).toBe(`<li><small>${escapedPayload} ${escapedPayload}</small> ${escapedPayload}</li>`);
+ });
+ });
});