diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-30 12:22:09 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-30 12:22:09 +0000 |
commit | eba52140851d2fb08665119c0a3997d0612ccb88 (patch) | |
tree | 4bc562fadc518009435642e0bd265c8fb5bdc5a5 /spec/helpers | |
parent | 2da7c8579601c14a93d4291b8cf5fa39c6eeabd8 (diff) | |
download | gitlab-ce-eba52140851d2fb08665119c0a3997d0612ccb88.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-2-stable-ee
Diffstat (limited to 'spec/helpers')
-rw-r--r-- | spec/helpers/integrations_helper_spec.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/helpers/integrations_helper_spec.rb b/spec/helpers/integrations_helper_spec.rb index 8e652d2f150..3a7d4d12513 100644 --- a/spec/helpers/integrations_helper_spec.rb +++ b/spec/helpers/integrations_helper_spec.rb @@ -98,4 +98,19 @@ RSpec.describe IntegrationsHelper do end end end + + describe '#jira_issue_breadcrumb_link' do + let(:issue_reference) { nil } + + subject { helper.jira_issue_breadcrumb_link(issue_reference) } + + context 'when issue_reference contains HTML' do + let(:issue_reference) { "<script>alert('XSS')</script>" } + + it 'escapes issue reference' do + is_expected.not_to include(issue_reference) + is_expected.to include(html_escape(issue_reference)) + end + end + end end |