diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:48:05 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:48:05 +0000 |
commit | 3dd03a1a19e6b788ec1296044e28f7727e5149a6 (patch) | |
tree | 133f13a2c5bb0fbb7cc5706487b91134194b3870 /spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb | |
parent | 096459e2c2c8e3c17eb6e677091990adffe9af7d (diff) | |
download | gitlab-ce-3dd03a1a19e6b788ec1296044e28f7727e5149a6.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-10-stable-ee
Diffstat (limited to 'spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb')
-rw-r--r-- | spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb b/spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb new file mode 100644 index 00000000000..1ace28be5b4 --- /dev/null +++ b/spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'explore/projects/page_out_of_bounds.html.haml', feature_category: :projects do + let(:page_limit) { 10 } + let(:unsafe_param) { 'hacked_using_unsafe_param!' } + + before do + assign(:max_page_number, page_limit) + + controller.params[:action] = 'index' + controller.params[:host] = unsafe_param + controller.params[:protocol] = unsafe_param + controller.params[:sort] = 'name_asc' + end + + it 'removes unsafe params from the link' do + render + + href = "/explore/projects?page=#{page_limit}&sort=name_asc" + button_text = format(_("Back to page %{number}"), number: page_limit) + expect(rendered).to have_link(button_text, href: href) + expect(rendered).not_to include(unsafe_param) + end +end |