2019-07-25 05:24:42 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-03-26 17:54:30 +00:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-16 18:09:01 +00:00
|
|
|
RSpec.describe 'Hook logs' do
|
2018-07-05 06:32:05 +00:00
|
|
|
let(:web_hook_log) { create(:web_hook_log, response_body: '<script>') }
|
|
|
|
let(:project) { web_hook_log.web_hook.project }
|
|
|
|
let(:user) { create(:user) }
|
2018-03-26 17:54:30 +00:00
|
|
|
|
|
|
|
before do
|
2018-07-11 14:36:08 +00:00
|
|
|
project.add_maintainer(user)
|
2018-03-26 17:54:30 +00:00
|
|
|
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
2018-07-05 06:32:05 +00:00
|
|
|
it 'user reads log without getting XSS' do
|
2018-03-26 17:54:30 +00:00
|
|
|
visit(
|
|
|
|
project_hook_hook_log_path(
|
|
|
|
project, web_hook_log.web_hook, web_hook_log))
|
|
|
|
|
|
|
|
expect(page).to have_content('<script>')
|
|
|
|
end
|
|
|
|
end
|