Diffstat (limited to 'spec/features/projects/wiki/user_views_wiki_page_spec.rb')
-rw-r--r-- | spec/features/projects/wiki/user_views_wiki_page_spec.rb | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/spec/features/projects/wiki/user_views_wiki_page_spec.rb b/spec/features/projects/wiki/user_views_wiki_page_spec.rb index 1a9cde4571e..8a338756323 100644 --- a/spec/features/projects/wiki/user_views_wiki_page_spec.rb +++ b/spec/features/projects/wiki/user_views_wiki_page_spec.rb @@ -33,6 +33,8 @@ describe 'User views a wiki page' do fill_in(:wiki_content, with: 'wiki content') click_on('Create page') end + + expect(page).to have_content('Wiki was successfully updated.') end it 'shows the history of a page that has a path' do @@ -62,8 +64,10 @@ describe 'User views a wiki page' do expect(page).to have_content('Edit Page') fill_in('Content', with: 'Updated Wiki Content') - click_on('Save changes') + + expect(page).to have_content('Wiki was successfully updated.') + click_on('Page history') page.within(:css, '.nav-text') do @@ -132,6 +136,36 @@ describe 'User views a wiki page' do end end + context 'when a page has special characters in its title' do + let(:title) { '<foo> !@#$%^&*()[]{}=_+\'"\\|<>? <bar>' } + + before do + wiki_page.update(title: title ) + end + + it 'preserves the special characters' do + visit(project_wiki_path(project, wiki_page)) + + expect(page).to have_css('.wiki-page-title', text: title) + expect(page).to have_css('.wiki-pages li', text: title) + end + end + + context 'when a page has XSS in its title or content' do + let(:title) { '<script>alert("title")<script>' } + + before do + wiki_page.update(title: title, content: 'foo <script>alert("content")</script> bar') + end + + it 'safely displays the page' do + visit(project_wiki_path(project, wiki_page)) + + expect(page).to have_css('.wiki-page-title', text: title) + expect(page).to have_content('foo bar') + end + end + context 'when a page has XSS in its message' do before do wiki_page.update(message: '<script>alert(true)<script>', content: 'XSS update') |
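Review bot: In the new 'safely displays the page' example, `expect(page).to have_content('foo bar')` probably cannot tell sanitized output from unsanitized output. Capybara's visible text normally omits the body of a `<script>` element, so the assertion would still pass if the tag were rendered intact. A negative check on the markup would pin the behaviour, for example `expect(page.html).not_to include('<script>alert("content")</script>')`. The title payload `'<script>alert("title")<script>'` also ends with an opening tag rather than `</script>`, so it is not a well-formed element; closing it would make the escaping case more representative. The same unclosed form appears in the existing 'XSS in its message' context at the end of the hunk, whose body continues outside it.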