delta/gitlab/gitlab-ce.git - gitlab.com: gitlab-org/gitlab-ce.git

diff options


context:
space:
mode:

Diffstat (limited to 'spec/features/issues/gfm_autocomplete_spec.rb')

-rw-r--r--

spec/features/issues/gfm_autocomplete_spec.rb

1 files changed, 70 insertions, 13 deletions

diff --git a/spec/features/issues/gfm_autocomplete_spec.rb b/spec/features/issues/gfm_autocomplete_spec.rb
index 605860b90cd..d7531d5fcd9 100644
--- a/spec/features/issues/gfm_autocomplete_spec.rb
+++ b/spec/features/issues/gfm_autocomplete_spec.rb

@@ -1,14 +1,19 @@

require 'rails_helper'

describe 'GFM autocomplete', :js do

+ let(:issue_xss_title) { 'This will execute alert<img src=x onerror=alert(2)<img src=x onerror=alert(1)>' }

+ let(:user_xss_title) { 'eve <img src=x onerror=alert(2)<img src=x onerror=alert(1)>' }

+ let(:user_xss) { create(:user, name: user_xss_title, username: 'xss.user') }

let(:user) { create(:user, name: '💃speciąl someone💃', username: 'someone.special') }

let(:project) { create(:project) }

let(:label) { create(:label, project: project, title: 'special+') }

let(:issue) { create(:issue, project: project) }

- let!(:project_snippet) { create(:project_snippet, project: project, title: 'code snippet') }

before do

project.add_maintainer(user)

+ project.add_maintainer(user_xss)

sign_in(user)

visit project_issue_path(project, issue)

@@ -35,9 +40,8 @@ describe 'GFM autocomplete', :js do

expect(page).to have_selector('.atwho-container')

end

- it 'opens autocomplete menu when field starts with text with item escaping HTML characters' do

- alert_title = 'This will execute alert<img src=x onerror=alert(2)<img src=x onerror=alert(1)>'

- create(:issue, project: project, title: alert_title)

+ it 'opens autocomplete menu for Issues when field starts with text with item escaping HTML characters' do

+ create(:issue, project: project, title: issue_xss_title)

page.within '.timeline-content-form' do

find('#note-body').native.send_keys('#')

@@ -46,7 +50,19 @@ describe 'GFM autocomplete', :js do

expect(page).to have_selector('.atwho-container')

page.within '.atwho-container #at-view-issues' do

- expect(page.all('li').first.text).to include(alert_title)

+ expect(page.all('li').first.text).to include(issue_xss_title)

+ end

+ it 'opens autocomplete menu for Username when field starts with text with item escaping HTML characters' do

+ page.within '.timeline-content-form' do

+ find('#note-body').native.send_keys('@ev')

+ end

+ expect(page).to have_selector('.atwho-container')

+ page.within '.atwho-container #at-view-users' do

+ expect(find('li').text).to have_content(user_xss.username)

end

@@ -107,7 +123,7 @@ describe 'GFM autocomplete', :js do

wait_for_requests

- expect(find('#at-view-64')).to have_selector('.cur:first-of-type')

+ expect(find('#at-view-users')).to have_selector('.cur:first-of-type')

end

it 'includes items for assignee dropdowns with non-ASCII characters in name' do

@@ -120,7 +136,7 @@ describe 'GFM autocomplete', :js do

wait_for_requests

- expect(find('#at-view-64')).to have_content(user.name)

+ expect(find('#at-view-users')).to have_content(user.name)

end

it 'selects the first item for non-assignee dropdowns if a query is entered' do

@@ -317,16 +333,57 @@ describe 'GFM autocomplete', :js do

end

- it 'shows project snippets' do

- page.within '.timeline-content-form' do

- find('#note-body').native.send_keys('$')

- end

+ shared_examples 'autocomplete suggestions' do

+ it 'suggests objects correctly' do

+ page.within '.timeline-content-form' do

+ find('#note-body').native.send_keys(object.class.reference_prefix)

+ end

+ page.within '.atwho-container' do

+ expect(page).to have_content(object.title)

+ find('ul li').click

+ end

- page.within '.atwho-container' do

- expect(page).to have_content(project_snippet.title)

+ expect(find('.new-note #note-body').value).to include(expected_body)

end

+ context 'issues' do

+ let(:object) { issue }

+ let(:expected_body) { object.to_reference }