Allow maintainers to edit directly in a fork

author: Bob Van Landuyt <bob@vanlanduyt.co> 2018-02-28 09:06:18 +0100
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-03-07 16:55:34 +0100
commit: e74879280f0cbf48fa0dcf8031e711cc51c9183f (patch)
tree: 291ec858063ba12d569b5a2810215d67b62195ac /spec/helpers
parent: c9557ad711c6cdf4465fb8c3c9b0dbaffcafa0e8 (diff)
download: gitlab-ce-e74879280f0cbf48fa0dcf8031e711cc51c9183f.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/spec/helpers/tree_helper_spec.rb b/spec/helpers/tree_helper_spec.rb
index d3b1be599dd..ccac6e29447 100644
--- a/spec/helpers/tree_helper_spec.rb
+++ b/spec/helpers/tree_helper_spec.rb
@@ -62,4 +62,13 @@ describe TreeHelper do
       end
     end
   end
+
+  describe '#commit_in_single_accessible_branch' do
+    it 'escapes HTML from the branch name' do
+      helper.instance_variable_set(:@branch_name, "<script>alert('escape me!');</script>")
+      escaped_branch_name = '&lt;script&gt;alert(&#39;escape me!&#39;);&lt;/script&gt;'
+
+      expect(helper.commit_in_single_accessible_branch).to include(escaped_branch_name)
+    end
+  end
 end
author	Bob Van Landuyt <bob@vanlanduyt.co>	2018-02-28 09:06:18 +0100
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-03-07 16:55:34 +0100
commit	e74879280f0cbf48fa0dcf8031e711cc51c9183f (patch)
tree	291ec858063ba12d569b5a2810215d67b62195ac /spec/helpers
parent	c9557ad711c6cdf4465fb8c3c9b0dbaffcafa0e8 (diff)
download	gitlab-ce-e74879280f0cbf48fa0dcf8031e711cc51c9183f.tar.gz