Removes <br> sent from backend on tooltips in jobs

When backend sends HTML it requires frontend to append it to the DOM causing XSS vulnerabilities. By removing the `<br>` we avoid those vulnerabilities
author: Filipa Lacerda <filipa@gitlab.com> 2018-08-09 12:05:13 +0100
committer: Filipa Lacerda <filipa@gitlab.com> 2018-08-09 18:28:05 +0100
commit: 5e8f11e5fdb792f17d86cf9321537c5c56801a17 (patch)
tree: 77a87f8692bd1a24cb4c76d11c7c7740ee1e466f /spec/serializers/build_serializer_spec.rb
parent: 68082d352516b5367fce76453b8992f4e44d127e (diff)
download: gitlab-ce-5e8f11e5fdb792f17d86cf9321537c5c56801a17.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/spec/serializers/build_serializer_spec.rb b/spec/serializers/build_serializer_spec.rb
index 52459cd369d..302ef147eb2 100644
--- a/spec/serializers/build_serializer_spec.rb
+++ b/spec/serializers/build_serializer_spec.rb
@@ -37,7 +37,7 @@ describe BuildSerializer do
       it 'serializes only status' do
         expect(subject[:text]).to eq(status.text)
         expect(subject[:label]).to eq('failed')
-        expect(subject[:tooltip]).to eq('failed <br> (unknown failure)')
+        expect(subject[:tooltip]).to eq('failed - (unknown failure)')
         expect(subject[:icon]).to eq(status.icon)
         expect(subject[:favicon]).to match_asset_path("/assets/ci_favicons/#{status.favicon}.png")
       end
author	Filipa Lacerda <filipa@gitlab.com>	2018-08-09 12:05:13 +0100
committer	Filipa Lacerda <filipa@gitlab.com>	2018-08-09 18:28:05 +0100
commit	5e8f11e5fdb792f17d86cf9321537c5c56801a17 (patch)
tree	77a87f8692bd1a24cb4c76d11c7c7740ee1e466f /spec/serializers/build_serializer_spec.rb
parent	68082d352516b5367fce76453b8992f4e44d127e (diff)
download	gitlab-ce-5e8f11e5fdb792f17d86cf9321537c5c56801a17.tar.gz