diff options
Diffstat (limited to 'qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb')
-rw-r--r-- | qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb index 5eceeb9661c..70c03e10449 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb @@ -3,17 +3,27 @@ module QA context 'Plan' do describe 'check xss occurence in @mentions in issues' do - let(:issue_title) { 'issue title' } - it 'user mentions a user in comment' do - Runtime::Browser.visit(:gitlab, Page::Main::Login) - Page::Main::Login.perform(&:sign_in_using_credentials) + QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token + + unless QA::Runtime::Env.personal_access_token + Runtime::Browser.visit(:gitlab, Page::Main::Login) + Page::Main::Login.perform(&:sign_in_using_admin_credentials) + end user = Resource::User.fabricate_via_api! do |user| user.name = "eve <img src=x onerror=alert(2)<img src=x onerror=alert(1)>" user.password = "test1234" end + QA::Runtime::Env.personal_access_token = nil + + Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) } + + Runtime::Browser.visit(:gitlab, Page::Main::Login) + + Page::Main::Login.perform(&:sign_in_using_credentials) + project = Resource::Project.fabricate_via_api! do |resource| resource.name = 'xss-test-for-mentions-project' end @@ -25,17 +35,17 @@ module QA end issue = Resource::Issue.fabricate_via_api! do |issue| - issue.title = issue_title + issue.title = 'issue title' issue.project = project end issue.visit! - Page::Project::Issue::Show.perform do |show_page| - show_page.select_all_activities_filter - show_page.comment('cc-ing you here @eve') + Page::Project::Issue::Show.perform do |show| + show.select_all_activities_filter + show.comment('cc-ing you here @eve') expect do - expect(show_page).to have_content("cc-ing you here") + expect(show).to have_content("cc-ing you here") end.not_to raise_error # Selenium::WebDriver::Error::UnhandledAlertError end end |