Add latest changes from gitlab-org/security/gitlab@12-10-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 14:57:55 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 14:57:55 +0000
commit: 10fc441cba99167120253ed05c53bcb16e80771c (patch)
tree: 3ed7611858cda4f3d7989f11ad4aa902dfbef906 /spec/lib/gitlab/static_site_editor/config_spec.rb
parent: 4cc9d3e28ab73ad593b2abb9f43831865f040e22 (diff)
download: gitlab-ce-10fc441cba99167120253ed05c53bcb16e80771c.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/spec/lib/gitlab/static_site_editor/config_spec.rb b/spec/lib/gitlab/static_site_editor/config_spec.rb
index 8f61476722d..8fd4c844375 100644
--- a/spec/lib/gitlab/static_site_editor/config_spec.rb
+++ b/spec/lib/gitlab/static_site_editor/config_spec.rb
@@ -57,5 +57,23 @@ describe Gitlab::StaticSiteEditor::Config do
 
       it { is_expected.to include(is_supported_content: false) }
     end
+
+    context 'when return_url is not a valid URL' do
+      let(:return_url) { 'example.com' }
+
+      it { is_expected.to include(return_url: nil) }
+    end
+
+    context 'when return_url has a javascript scheme' do
+      let(:return_url) { 'javascript:alert(document.domain)' }
+
+      it { is_expected.to include(return_url: nil) }
+    end
+
+    context 'when return_url is missing' do
+      let(:return_url) { nil }
+
+      it { is_expected.to include(return_url: nil) }
+    end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 14:57:55 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 14:57:55 +0000
commit	10fc441cba99167120253ed05c53bcb16e80771c (patch)
tree	3ed7611858cda4f3d7989f11ad4aa902dfbef906 /spec/lib/gitlab/static_site_editor/config_spec.rb
parent	4cc9d3e28ab73ad593b2abb9f43831865f040e22 (diff)
download	gitlab-ce-10fc441cba99167120253ed05c53bcb16e80771c.tar.gz