summaryrefslogtreecommitdiff
path: root/spec/features/projects/hook_logs/user_reads_log_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/features/projects/hook_logs/user_reads_log_spec.rb')
-rw-r--r--spec/features/projects/hook_logs/user_reads_log_spec.rb21
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/features/projects/hook_logs/user_reads_log_spec.rb b/spec/features/projects/hook_logs/user_reads_log_spec.rb
new file mode 100644
index 00000000000..18e975fa653
--- /dev/null
+++ b/spec/features/projects/hook_logs/user_reads_log_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+feature 'Hook logs' do
+ given(:web_hook_log) { create(:web_hook_log, response_body: '<script>') }
+ given(:project) { web_hook_log.web_hook.project }
+ given(:user) { create(:user) }
+
+ before do
+ project.add_master(user)
+
+ sign_in(user)
+ end
+
+ scenario 'user reads log without getting XSS' do
+ visit(
+ project_hook_hook_log_path(
+ project, web_hook_log.web_hook, web_hook_log))
+
+ expect(page).to have_content('<script>')
+ end
+end
View Lorry Controller Status