diff options
Diffstat (limited to 'spec/features/issues/issue_sidebar_spec.rb')
| -rw-r--r-- | spec/features/issues/issue_sidebar_spec.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/spec/features/issues/issue_sidebar_spec.rb b/spec/features/issues/issue_sidebar_spec.rb index a5c9d0bde5d..64b4f9e7e67 100644 --- a/spec/features/issues/issue_sidebar_spec.rb +++ b/spec/features/issues/issue_sidebar_spec.rb @@ -8,6 +8,7 @@ feature 'Issue Sidebar' do let(:issue) { create(:issue, project: project) } let!(:user) { create(:user)} let!(:label) { create(:label, project: project, title: 'bug') } + let!(:xss_label) { create(:label, project: project, title: '<script>alert("xss");</script>') } before do sign_in(user) @@ -99,6 +100,14 @@ feature 'Issue Sidebar' do restore_window_size open_issue_sidebar end + + it 'escapes XSS when viewing issue labels' do + page.within('.block.labels') do + find('.edit-link').click + + expect(page).to have_content '<script>alert("xss");</script>' + end + end end context 'editing issue labels', :js do |