author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:48:15 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:48:15 +0000 |
commit | ef77d7f75069ca5f71261d80bc9caea59168cba2 (patch) | |
tree | b5d128c44de05edc90e0d3cb5fca398c55803628 /spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb | |
parent | b405157ce7809b3671155faa8f3c3395e3fc74ce (diff) | |
Add latest changes from gitlab-org/security/gitlab@15-9-stable-ee
Diffstat (limited to 'spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb')
-rw-r--r-- | spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb b/spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb
new file mode 100644
index 00000000000..1ace28be5b4
--- /dev/null
+++ b/spec/views/explore/projects/page_out_of_bounds.html.haml_spec.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'explore/projects/page_out_of_bounds.html.haml', feature_category: :projects do
+ let(:page_limit) { 10 }
+ let(:unsafe_param) { 'hacked_using_unsafe_param!' }
+
+ before do
+ assign(:max_page_number, page_limit)
+
+ controller.params[:action] = 'index'
+ controller.params[:host] = unsafe_param
+ controller.params[:protocol] = unsafe_param
+ controller.params[:sort] = 'name_asc'
+ end
+
+ it 'removes unsafe params from the link' do
+ render
+
+ href = "/explore/projects?page=#{page_limit}&sort=name_asc"
+ button_text = format(_("Back to page %{number}"), number: page_limit)
+ expect(rendered).to have_link(button_text, href: href)
+ expect(rendered).not_to include(unsafe_param)
+ end
+end |
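Review bot: The `before` block sets only `host` and `protocol` as hostile values, so this spec would still pass if the view filtered request params with a deny-list of those two keys instead of an allow-list. Other `url_for` options that could arrive in the request are never exercised. Consider adding `controller.params[:port] = unsafe_param` and `controller.params[:script_name] = unsafe_param` beside the existing assignments; the exact-`href` expectation will then fail if either one reaches the rendered link. A comment above the assignments such as `# host/protocol are url_for options: request params must never decide where the link points` would record why these keys count as unsafe. The view is not part of this diff, so whether it already allow-lists (for example `page` and `sort` only) is an assumption to confirm.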