authorGitLab Bot <gitlab-bot@gitlab.com>2020-06-29 19:21:38 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-06-29 19:21:38 +0000
commit11e9b7b58837da351f08c18e6f0f4faba4d7d301 (patch)
treed9b28159a53c3814c8a2e6b33a5f01557b757439 /spec/validators
parent2b0b97e746e327c6168505df7740e667b690a27f (diff)
Add latest changes from gitlab-org/security/gitlab@13-1-stable-ee
Diffstat (limited to 'spec/validators')
-rw-r--r--spec/validators/html_safety_validator_spec.rb24
1 files changed, 24 insertions, 0 deletions
diff --git a/spec/validators/html_safety_validator_spec.rb b/spec/validators/html_safety_validator_spec.rb
new file mode 100644
index 00000000000..4d9425235e3
--- /dev/null
+++ b/spec/validators/html_safety_validator_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe HtmlSafetyValidator do
+ let(:validator) { described_class.new(attributes: [:name]) }
+ let(:group) { build(:group) }
+
+ def validate(value)
+ validator.validate_each(group, :name, value)
+ end
+
+ it 'adds an error when a script is included in the name' do
+ validate('My group <script>evil_script</script>')
+
+ expect(group.errors[:name]).to eq([HtmlSafetyValidator.error_message])
+ end
+
+ it 'does not add an error when an ampersand is included in the name' do
+ validate('Group with 1 & 2')
+
+ expect(group.errors).to be_empty
+ end
+end
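Review bot: The two examples pin only a literal `<script>` element and one benign ampersand, so a validator that regressed to matching script tags alone would still pass this spec. The validator itself is not visible here, but if it is meant to reject any markup in the name, add a case with a non-script tag such as `validate('My group <b>bold</b>')` and expect the same `HtmlSafetyValidator.error_message`. It would also help to pin the accepted side more tightly with a plain name and a `nil` or empty value (`validate(nil)`), since `validate_each` can receive those and the spec does not currently show whether they raise or pass. A one-line comment above the ampersand example explaining why it must stay valid (presumably because sanitizing would turn `&` into `&amp;`; confirm against the validator) would make the intent clear to the next reader.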