diff options
author | Filipa Lacerda <filipa@gitlab.com> | 2018-08-09 12:05:13 +0100 |
---|---|---|
committer | Filipa Lacerda <filipa@gitlab.com> | 2018-08-09 18:28:05 +0100 |
commit | 5e8f11e5fdb792f17d86cf9321537c5c56801a17 (patch) | |
tree | 77a87f8692bd1a24cb4c76d11c7c7740ee1e466f /spec/lib/gitlab/ci/status/build/failed_spec.rb | |
parent | 68082d352516b5367fce76453b8992f4e44d127e (diff) | |
download | gitlab-ce-5e8f11e5fdb792f17d86cf9321537c5c56801a17.tar.gz |
Removes <br> sent from backend on tooltips in jobs
When backend sends HTML it requires frontend to append it to the DOM causing
XSS vulnerabilities. By removing the `<br>` we avoid those vulnerabilities
Diffstat (limited to 'spec/lib/gitlab/ci/status/build/failed_spec.rb')
-rw-r--r-- | spec/lib/gitlab/ci/status/build/failed_spec.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/spec/lib/gitlab/ci/status/build/failed_spec.rb b/spec/lib/gitlab/ci/status/build/failed_spec.rb index b6676b40fd3..e424270f7c5 100644 --- a/spec/lib/gitlab/ci/status/build/failed_spec.rb +++ b/spec/lib/gitlab/ci/status/build/failed_spec.rb @@ -52,7 +52,7 @@ describe Gitlab::Ci::Status::Build::Failed do let(:status) { Gitlab::Ci::Status::Failed.new(build, user) } it 'does override badge_tooltip' do - expect(subject.badge_tooltip).to eq 'failed <br> (script failure)' + expect(subject.badge_tooltip).to eq 'failed - (script failure)' end end @@ -61,7 +61,7 @@ describe Gitlab::Ci::Status::Build::Failed do let(:status) { Gitlab::Ci::Status::Failed.new(build, user) } it 'does override status_tooltip' do - expect(subject.status_tooltip).to eq 'failed <br> (script failure)' + expect(subject.status_tooltip).to eq 'failed - (script failure)' end end |