author | Reuben Pereira <rpereira@gitlab.com> | 2019-01-07 17:55:21 +0000 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2019-01-07 17:55:21 +0000 |
commit | f40b5860d76a8ea5d964260834a6e83516b0f1fd (patch) | |
tree | 2a8e92896130697178f5c989e49fa686f66ce073 /spec/validators | |
parent | 549ee8ada3b59278871a89720632584bc5cc11df (diff) | |
download | gitlab-ce-f40b5860d76a8ea5d964260834a6e83516b0f1fd.tar.gz |
Add table and model for error tracking settings
Diffstat (limited to 'spec/validators')
-rw-r--r-- | spec/validators/url_validator_spec.rb | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/validators/url_validator_spec.rb b/spec/validators/url_validator_spec.rb
index f3f3386382f..1bb42382e8a 100644
--- a/spec/validators/url_validator_spec.rb
+++ b/spec/validators/url_validator_spec.rb
@@ -172,4 +172,55 @@ describe UrlValidator do
 end
 end
 end
+
+ context 'when enforce_sanitization is' do
+ let(:validator) { described_class.new(attributes: [:link_url], enforce_sanitization: enforce_sanitization) }
+ let(:unsafe_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
+ let(:safe_url) { 'https://replaceme.com/path/to/somewhere' }
+
+ let(:unsafe_internal_url) do
+ Gitlab.config.gitlab.protocol + '://' + Gitlab.config.gitlab.host +
+ "/'><script>alert(document.cookie)</script>"
+ end
+
+ context 'true' do
+ let(:enforce_sanitization) { true }
+
+ it 'prevents unsafe urls' do
+ badge.link_url = unsafe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be false
+ end
+
+ it 'prevents unsafe internal urls' do
+ badge.link_url = unsafe_internal_url
+
+ subject
+
+ expect(badge.errors.empty?).to be false
+ end
+
+ it 'allows safe urls' do
+ badge.link_url = safe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be true
+ end
+ end
+
+ context 'false' do
+ let(:enforce_sanitization) { false }
+
+ it 'allows unsafe urls' do
+ badge.link_url = unsafe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be true
+ end
+ end
+ end
 end |
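Review bot: Nothing in this hunk pins what the validator does when `enforce_sanitization` is omitted, because the new contexts only set it to `true` and `false`; a later change to the default could then stop rejecting markup in URLs without any example failing. A third context that builds the validator with `described_class.new(attributes: [:link_url])` and asserts the intended outcome for `unsafe_url` would fix the default in place; the validator, `badge` and `subject` are defined outside the hunk, so the intended outcome has to be taken from the implementation. The 'allows unsafe urls' example would also benefit from a comment such as `# sanitization off: the URL is accepted as given, so callers must escape it on output`. As a smaller point, `expect(badge.errors[:link_url]).not_to be_empty` names the attribute under test and gives a clearer failure message than `expect(badge.errors.empty?).to be false`.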