Removes <br> sent from backend on tooltips in jobs

When backend sends HTML it requires frontend to append it to the DOM causing XSS vulnerabilities. By removing the `<br>` we avoid those vulnerabilities
author: Filipa Lacerda <filipa@gitlab.com> 2018-08-09 12:05:13 +0100
committer: Filipa Lacerda <filipa@gitlab.com> 2018-08-09 18:28:05 +0100
commit: 5e8f11e5fdb792f17d86cf9321537c5c56801a17 (patch)
tree: 77a87f8692bd1a24cb4c76d11c7c7740ee1e466f /spec/lib/gitlab/ci/status/build/failed_spec.rb
parent: 68082d352516b5367fce76453b8992f4e44d127e (diff)
download: gitlab-ce-5e8f11e5fdb792f17d86cf9321537c5c56801a17.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/spec/lib/gitlab/ci/status/build/failed_spec.rb b/spec/lib/gitlab/ci/status/build/failed_spec.rb
index b6676b40fd3..e424270f7c5 100644
--- a/spec/lib/gitlab/ci/status/build/failed_spec.rb
+++ b/spec/lib/gitlab/ci/status/build/failed_spec.rb
@@ -52,7 +52,7 @@ describe Gitlab::Ci::Status::Build::Failed do
     let(:status) { Gitlab::Ci::Status::Failed.new(build, user) }
 
     it 'does override badge_tooltip' do
-      expect(subject.badge_tooltip).to eq 'failed <br> (script failure)'
+      expect(subject.badge_tooltip).to eq 'failed - (script failure)'
     end
   end
 
@@ -61,7 +61,7 @@ describe Gitlab::Ci::Status::Build::Failed do
     let(:status) { Gitlab::Ci::Status::Failed.new(build, user) }
 
     it 'does override status_tooltip' do
-      expect(subject.status_tooltip).to eq 'failed <br> (script failure)'
+      expect(subject.status_tooltip).to eq 'failed - (script failure)'
     end
   end
author	Filipa Lacerda <filipa@gitlab.com>	2018-08-09 12:05:13 +0100
committer	Filipa Lacerda <filipa@gitlab.com>	2018-08-09 18:28:05 +0100
commit	5e8f11e5fdb792f17d86cf9321537c5c56801a17 (patch)
tree	77a87f8692bd1a24cb4c76d11c7c7740ee1e466f /spec/lib/gitlab/ci/status/build/failed_spec.rb
parent	68082d352516b5367fce76453b8992f4e44d127e (diff)
download	gitlab-ce-5e8f11e5fdb792f17d86cf9321537c5c56801a17.tar.gz