diff options
Diffstat (limited to 'spec/frontend/projects/settings/access_dropdown_spec.js')
-rw-r--r-- | spec/frontend/projects/settings/access_dropdown_spec.js | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/frontend/projects/settings/access_dropdown_spec.js b/spec/frontend/projects/settings/access_dropdown_spec.js index 65b01172e7e..d51360a7597 100644 --- a/spec/frontend/projects/settings/access_dropdown_spec.js +++ b/spec/frontend/projects/settings/access_dropdown_spec.js @@ -159,4 +159,21 @@ describe('AccessDropdown', () => { expect(template).not.toContain(user.name); }); }); + + describe('deployKeyRowHtml', () => { + const deployKey = { + id: 1, + title: 'title <script>alert(document.domain)</script>', + fullname: 'fullname <script>alert(document.domain)</script>', + avatar_url: '', + username: '', + }; + + it('escapes deploy key title and fullname', () => { + const template = dropdown.deployKeyRowHtml(deployKey); + + expect(template).not.toContain(deployKey.title); + expect(template).not.toContain(deployKey.fullname); + }); + }); }); |