Merge branch 'rs-allow-name-on-anchors' into 'master'

Re-allow `name` attribute on user-provided anchor HTML

Closes #38196

See merge request gitlab-org/gitlab-ce!14452

1 files changed, 6 insertions, 2 deletions

diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index 01ceb21dfaa..5f41e28fece 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -47,9 +47,11 @@ describe Banzai::Filter::SanitizationFilter do
   describe 'custom whitelist' do
     it 'customizes the whitelist only once' do
       instance = described_class.new('Foo')
+      control_count = instance.whitelist[:transformers].size
+
       3.times { instance.whitelist }
 
-      expect(instance.whitelist[:transformers].size).to eq 5
+      expect(instance.whitelist[:transformers].size).to eq control_count
     end
 
     it 'sanitizes `class` attribute from all elements' do
@@ -101,16 +103,18 @@ describe Banzai::Filter::SanitizationFilter do
       expect(filter(act).to_html).to eq exp
     end
 
-    it 'disallows the `name` attribute globally' do
+    it 'disallows the `name` attribute globally, allows on `a`' do
       html = <<~HTML
         <img name="getElementById" src="">
         <span name="foo" class="bar">Hi</span>
+        <a name="foo" class="bar">Bye</a>
       HTML
 
       doc = filter(html)
 
       expect(doc.at_css('img')).not_to have_attribute('name')
       expect(doc.at_css('span')).not_to have_attribute('name')
+      expect(doc.at_css('a')).to have_attribute('name')
     end
 
     it 'allows `summary` elements' do