author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-06-29 19:21:38 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-06-29 19:21:38 +0000 |
commit | 11e9b7b58837da351f08c18e6f0f4faba4d7d301 (patch) | |
tree | d9b28159a53c3814c8a2e6b33a5f01557b757439 /spec/validators | |
parent | 2b0b97e746e327c6168505df7740e667b690a27f (diff) | |
download | gitlab-ce-11e9b7b58837da351f08c18e6f0f4faba4d7d301.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-1-stable-ee
Diffstat (limited to 'spec/validators')
-rw-r--r-- | spec/validators/html_safety_validator_spec.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/spec/validators/html_safety_validator_spec.rb b/spec/validators/html_safety_validator_spec.rb
new file mode 100644
index 00000000000..4d9425235e3
--- /dev/null
+++ b/spec/validators/html_safety_validator_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe HtmlSafetyValidator do
+ let(:validator) { described_class.new(attributes: [:name]) }
+ let(:group) { build(:group) }
+
+ def validate(value)
+ validator.validate_each(group, :name, value)
+ end
+
+ it 'adds an error when a script is included in the name' do
+ validate('My group <script>evil_script</script>')
+
+ expect(group.errors[:name]).to eq([HtmlSafetyValidator.error_message])
+ end
+
+ it 'does not add an error when an ampersand is included in the name' do
+ validate('Group with 1 & 2')
+
+ expect(group.errors).to be_empty
+ end
+end |
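Review bot: The two examples pin only a literal `<script>` element and a bare ampersand, which leaves most of the validator's boundary untested for a check that guards a display name against stored markup. I would add an example with a non-script tag, e.g. `validate('My group <b>bold</b>')`, expecting the same error, and one with a `nil` or empty value expecting no error; this assumes the validator is meant to reject all markup and tolerate blank names, which cannot be confirmed because its implementation is not part of this diff. A short comment above the ampersand example saying why it exists (presumably to guard against false positives from entity escaping) would help the next reader. The first example could also use `described_class.error_message` to match the `described_class.new` call in the `let`.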