diff options
Diffstat (limited to 'spec/frontend/issue_show/issue_spec.js')
-rw-r--r-- | spec/frontend/issue_show/issue_spec.js | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/spec/frontend/issue_show/issue_spec.js b/spec/frontend/issue_show/issue_spec.js new file mode 100644 index 00000000000..befb670c6cd --- /dev/null +++ b/spec/frontend/issue_show/issue_spec.js @@ -0,0 +1,45 @@ +import MockAdapter from 'axios-mock-adapter'; +import { useMockIntersectionObserver } from 'helpers/mock_dom_observer'; +import waitForPromises from 'helpers/wait_for_promises'; +import axios from '~/lib/utils/axios_utils'; +import initIssuableApp from '~/issue_show/issue'; +import * as parseData from '~/issue_show/utils/parse_data'; +import { appProps } from './mock_data'; + +const mock = new MockAdapter(axios); +mock.onGet().reply(200); + +useMockIntersectionObserver(); + +jest.mock('~/lib/utils/poll'); + +const setupHTML = initialData => { + document.body.innerHTML = ` + <div id="js-issuable-app"></div> + <script id="js-issuable-app-initial-data" type="application/json"> + ${JSON.stringify(initialData)} + </script> + `; +}; + +describe('Issue show index', () => { + describe('initIssueableApp', () => { + it('should initialize app with no potential XSS attack', async () => { + const alertSpy = jest.spyOn(window, 'alert').mockImplementation(() => {}); + const parseDataSpy = jest.spyOn(parseData, 'parseIssuableData'); + + setupHTML({ + ...appProps, + initialDescriptionHtml: '<svg onload=window.alert(1)>', + }); + + const issuableData = parseData.parseIssuableData(); + initIssuableApp(issuableData); + + await waitForPromises(); + + expect(parseDataSpy).toHaveBeenCalled(); + expect(alertSpy).not.toHaveBeenCalled(); + }); + }); +}); |