1 files changed, 33 insertions, 4 deletions

diff --git a/spec/helpers/submodule_helper_spec.rb b/spec/helpers/submodule_helper_spec.rb
index 28b8def331d..18935be95c9 100644
--- a/spec/helpers/submodule_helper_spec.rb
+++ b/spec/helpers/submodule_helper_spec.rb
@@ -70,15 +70,30 @@ describe SubmoduleHelper do
         expect(submodule_links(submodule_item)).to eq(['https://github.com/gitlab-org/gitlab-ce', 'https://github.com/gitlab-org/gitlab-ce/tree/hash'])
       end
 
-      it 'returns original with non-standard url' do
+      it 'handles urls with no .git on the end' do
         stub_url('http://github.com/gitlab-org/gitlab-ce')
-        expect(submodule_links(submodule_item)).to eq([repo.submodule_url_for, nil])
+        expect(submodule_links(submodule_item)).to eq(['https://github.com/gitlab-org/gitlab-ce', 'https://github.com/gitlab-org/gitlab-ce/tree/hash'])
+      end
 
+      it 'returns original with non-standard url' do
         stub_url('http://github.com/another/gitlab-org/gitlab-ce.git')
         expect(submodule_links(submodule_item)).to eq([repo.submodule_url_for, nil])
       end
     end
 
+    context 'in-repository submodule' do
+      let(:group) { create(:group, name: "Master Project", path: "master-project") }
+      let(:project) { create(:empty_project, group: group) }
+      before do
+        self.instance_variable_set(:@project, project)
+      end
+
+      it 'in-repository' do
+        stub_url('./')
+        expect(submodule_links(submodule_item)).to eq(["/master-project/#{project.path}", "/master-project/#{project.path}/tree/hash"])
+      end
+    end
+
     context 'submodule on gitlab.com' do
       it 'detects ssh' do
         stub_url('git@gitlab.com:gitlab-org/gitlab-ce.git')
@@ -95,16 +110,30 @@ describe SubmoduleHelper do
         expect(submodule_links(submodule_item)).to eq(['https://gitlab.com/gitlab-org/gitlab-ce', 'https://gitlab.com/gitlab-org/gitlab-ce/tree/hash'])
       end
 
-      it 'returns original with non-standard url' do
+      it 'handles urls with no .git on the end' do
         stub_url('http://gitlab.com/gitlab-org/gitlab-ce')
-        expect(submodule_links(submodule_item)).to eq([repo.submodule_url_for, nil])
+        expect(submodule_links(submodule_item)).to eq(['https://gitlab.com/gitlab-org/gitlab-ce', 'https://gitlab.com/gitlab-org/gitlab-ce/tree/hash'])
+      end
 
+      it 'returns original with non-standard url' do
         stub_url('http://gitlab.com/another/gitlab-org/gitlab-ce.git')
         expect(submodule_links(submodule_item)).to eq([repo.submodule_url_for, nil])
       end
     end
 
     context 'submodule on unsupported' do
+      it 'sanitizes unsupported protocols' do
+        stub_url('javascript:alert("XSS");')
+
+        expect(helper.submodule_links(submodule_item)).to eq([nil, nil])
+      end
+
+      it 'sanitizes unsupported protocols disguised as a repository URL' do
+        stub_url('javascript:alert("XSS");foo/bar.git')
+
+        expect(helper.submodule_links(submodule_item)).to eq([nil, nil])
+      end
+
       it 'returns original' do
         stub_url('http://mygitserver.com/gitlab-org/gitlab-ce')
         expect(submodule_links(submodule_item)).to eq([repo.submodule_url_for, nil])