diff options
author | Douwe Maan <douwe@gitlab.com> | 2017-09-25 07:49:43 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2017-09-25 07:49:43 +0000 |
commit | a183b529dc2a1b9345ec594578d1d54b777f9365 (patch) | |
tree | 8f8784d141384d0852c8255dfac1ad3cec3bb895 /spec | |
parent | 26f05621248c6155af196794239d80117f915a0c (diff) | |
parent | f6bc4403d2f83e5571a06af3ad0989422bf23c12 (diff) | |
download | gitlab-ce-a183b529dc2a1b9345ec594578d1d54b777f9365.tar.gz |
Merge branch 'rs-allow-name-on-anchors' into 'master'
Re-allow `name` attribute on user-provided anchor HTML
Closes #38196
See merge request gitlab-org/gitlab-ce!14452
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/banzai/filter/sanitization_filter_spec.rb | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb index 01ceb21dfaa..5f41e28fece 100644 --- a/spec/lib/banzai/filter/sanitization_filter_spec.rb +++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb @@ -47,9 +47,11 @@ describe Banzai::Filter::SanitizationFilter do describe 'custom whitelist' do it 'customizes the whitelist only once' do instance = described_class.new('Foo') + control_count = instance.whitelist[:transformers].size + 3.times { instance.whitelist } - expect(instance.whitelist[:transformers].size).to eq 5 + expect(instance.whitelist[:transformers].size).to eq control_count end it 'sanitizes `class` attribute from all elements' do @@ -101,16 +103,18 @@ describe Banzai::Filter::SanitizationFilter do expect(filter(act).to_html).to eq exp end - it 'disallows the `name` attribute globally' do + it 'disallows the `name` attribute globally, allows on `a`' do html = <<~HTML <img name="getElementById" src=""> <span name="foo" class="bar">Hi</span> + <a name="foo" class="bar">Bye</a> HTML doc = filter(html) expect(doc.at_css('img')).not_to have_attribute('name') expect(doc.at_css('span')).not_to have_attribute('name') + expect(doc.at_css('a')).to have_attribute('name') end it 'allows `summary` elements' do |