kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add a test to make sure there's no XSS for hook logs

This commit is contained in:
Lin Jen-Shin 2018-03-27 01:54:30 +08:00
parent 3adbc579bc
commit 09ce467184
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
spec/features/projects/hook_logs/user_reads_log_spec.rb Normal file
View File

@ -0,0 +1,21 @@
require 'spec_helper'
feature 'Hook logs' do
given(:web_hook_log) { create(:web_hook_log, response_body: '<script>') }
given(:project) { web_hook_log.web_hook.project }
given(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
scenario 'user reads log without getting XSS' do
visit(
project_hook_hook_log_path(
project, web_hook_log.web_hook, web_hook_log))
expect(page).to have_content('<script>')
end
end