Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-29 12:59:36 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-29 12:59:57 +0000
commit: 77e5b153659e884a5fa8442d675f2b88e9de2dd2 (patch)
tree: 1e0a5bf0dca7160afbd7f8fa578e61cc665b2ad5 /spec/frontend
parent: a3adc9bca8f340d1e88fda2e5c5d24326417acc4 (diff)
download: gitlab-ce-77e5b153659e884a5fa8442d675f2b88e9de2dd2.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/frontend/users_select/index_spec.js b/spec/frontend/users_select/index_spec.js
index 99caaf61c54..0d2aae78944 100644
--- a/spec/frontend/users_select/index_spec.js
+++ b/spec/frontend/users_select/index_spec.js
@@ -1,3 +1,5 @@
+import { escape } from 'lodash';
+import UsersSelect from '~/users_select/index';
 import {
   createInputsModelExpectation,
   createUnassignedExpectation,
@@ -91,5 +93,19 @@ describe('~/users_select/index', () => {
         expect(findDropdownItemsModel()).toEqual(expectation);
       });
     });
+
+    describe('renderApprovalRules', () => {
+      const ruleNames = ['simple-name', '"\'<>&', '"><script>alert(1)<script>'];
+
+      it.each(ruleNames)('escapes rule name correctly for %s', (name) => {
+        const escapedName = escape(name);
+
+        expect(
+          UsersSelect.prototype.renderApprovalRules('reviewer', [{ name }]),
+        ).toMatchInterpolatedText(
+          `<div class="gl-display-flex gl-font-sm"> <span class="gl-text-truncate" title="${escapedName}">${escapedName}</span> </div>`,
+        );
+      });
+    });
   });
 });
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-29 12:59:36 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-29 12:59:57 +0000
commit	77e5b153659e884a5fa8442d675f2b88e9de2dd2 (patch)
tree	1e0a5bf0dca7160afbd7f8fa578e61cc665b2ad5 /spec/frontend
parent	a3adc9bca8f340d1e88fda2e5c5d24326417acc4 (diff)
download	gitlab-ce-77e5b153659e884a5fa8442d675f2b88e9de2dd2.tar.gz