summaryrefslogtreecommitdiff
path: root/spec/validators
diff options
context:
space:
mode:
authorReuben Pereira <rpereira@gitlab.com>2019-01-07 17:55:21 +0000
committerSean McGivern <sean@gitlab.com>2019-01-07 17:55:21 +0000
commitf40b5860d76a8ea5d964260834a6e83516b0f1fd (patch)
tree2a8e92896130697178f5c989e49fa686f66ce073 /spec/validators
parent549ee8ada3b59278871a89720632584bc5cc11df (diff)
downloadgitlab-ce-f40b5860d76a8ea5d964260834a6e83516b0f1fd.tar.gz
Add table and model for error tracking settings
Diffstat (limited to 'spec/validators')
-rw-r--r--spec/validators/url_validator_spec.rb51
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/validators/url_validator_spec.rb b/spec/validators/url_validator_spec.rb
index f3f3386382f..1bb42382e8a 100644
--- a/spec/validators/url_validator_spec.rb
+++ b/spec/validators/url_validator_spec.rb
@@ -172,4 +172,55 @@ describe UrlValidator do
end
end
end
+
+ context 'when enforce_sanitization is' do
+ let(:validator) { described_class.new(attributes: [:link_url], enforce_sanitization: enforce_sanitization) }
+ let(:unsafe_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
+ let(:safe_url) { 'https://replaceme.com/path/to/somewhere' }
+
+ let(:unsafe_internal_url) do
+ Gitlab.config.gitlab.protocol + '://' + Gitlab.config.gitlab.host +
+ "/'><script>alert(document.cookie)</script>"
+ end
+
+ context 'true' do
+ let(:enforce_sanitization) { true }
+
+ it 'prevents unsafe urls' do
+ badge.link_url = unsafe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be false
+ end
+
+ it 'prevents unsafe internal urls' do
+ badge.link_url = unsafe_internal_url
+
+ subject
+
+ expect(badge.errors.empty?).to be false
+ end
+
+ it 'allows safe urls' do
+ badge.link_url = safe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be true
+ end
+ end
+
+ context 'false' do
+ let(:enforce_sanitization) { false }
+
+ it 'allows unsafe urls' do
+ badge.link_url = unsafe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be true
+ end
+ end
+ end
end