summaryrefslogtreecommitdiff
path: root/spec/features/issues/form_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/features/issues/form_spec.rb')
-rw-r--r--spec/features/issues/form_spec.rb17
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/features/issues/form_spec.rb b/spec/features/issues/form_spec.rb
index 38c618d300e..4625a50b8d9 100644
--- a/spec/features/issues/form_spec.rb
+++ b/spec/features/issues/form_spec.rb
@@ -226,6 +226,23 @@ describe 'New/edit issue', :js do
expect(page).to have_selector('.atwho-view')
end
+
+ describe 'milestone' do
+ let!(:milestone) { create(:milestone, title: '"><img src=x onerror=alert(document.domain)>', project: project) }
+
+ it 'escapes milestone' do
+ click_button 'Milestone'
+
+ page.within '.issue-milestone' do
+ click_link milestone.title
+ end
+
+ page.within '.js-milestone-select' do
+ expect(page).to have_content milestone.title
+ expect(page).not_to have_selector 'img'
+ end
+ end
+ end
end
context 'edit issue' do
View Lorry Controller Status