Stop event_commit_title from escaping its output

Return a non-html-safe, unescaped String instead of ActiveSupport::SafeBuffer to preserve safety when the output is misused. Currently there's oly one user, which does the right thing. Closes #23311
author: Nick Thomas <nick@gitlab.com> 2016-10-17 11:07:44 +0100
committer: Nick Thomas <nick@gitlab.com> 2016-10-18 13:49:52 +0100
commit: 4012c695cb17f77f3fc928e9eef5c2fd679defc1 (patch)
tree: 9f65963f96c77d1f90b45ff32725e3c4e8d811f9 /spec/helpers
parent: b56f093c2ba4739b9d6cec595b8af3ee61a0d12b (diff)
download: gitlab-ce-4012c695cb17f77f3fc928e9eef5c2fd679defc1.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/helpers/events_helper_spec.rb b/spec/helpers/events_helper_spec.rb
index 022aba0c0d0..594b40303bc 100644
--- a/spec/helpers/events_helper_spec.rb
+++ b/spec/helpers/events_helper_spec.rb
@@ -62,4 +62,21 @@ describe EventsHelper do
       expect(helper.event_note(input)).to eq(expected)
     end
   end
+
+  describe '#event_commit_title' do
+    let(:message) { "foo & bar " + "A" * 70 + "\n" + "B" * 80 }
+    subject { helper.event_commit_title(message) }
+
+    it "returns the first line, truncated to 70 chars" do
+      is_expected.to eq(message[0..66] + "...")
+    end
+
+    it "is not html-safe" do
+      is_expected.not_to be_a(ActiveSupport::SafeBuffer)
+    end
+
+    it "handles empty strings" do
+      expect(helper.event_commit_title("")).to eq("")
+    end
+  end
 end
author	Nick Thomas <nick@gitlab.com>	2016-10-17 11:07:44 +0100
committer	Nick Thomas <nick@gitlab.com>	2016-10-18 13:49:52 +0100
commit	4012c695cb17f77f3fc928e9eef5c2fd679defc1 (patch)
tree	9f65963f96c77d1f90b45ff32725e3c4e8d811f9 /spec/helpers
parent	b56f093c2ba4739b9d6cec595b8af3ee61a0d12b (diff)
download	gitlab-ce-4012c695cb17f77f3fc928e9eef5c2fd679defc1.tar.gz