From 2a4ee2fd7f068f6eba0c51bbc8e4b0948c4dcfe4 Mon Sep 17 00:00:00 2001
From: Jeroen van Baarsen
Date: Sun, 4 Jan 2015 14:02:31 +0100
Subject: [PATCH] make sure the user.name is escaped

Signed-off-by: Jeroen van Baarsen
---
 spec/features/atom/users_spec.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/spec/features/atom/users_spec.rb b/spec/features/atom/users_spec.rb
index 746b6fc1ac9..de4f94fff2f 100644
--- a/spec/features/atom/users_spec.rb
+++ b/spec/features/atom/users_spec.rb
@@ -24,11 +24,12 @@ describe "User Feed", feature: true do
 end
 it "should have issue opened event" do
- body.should have_content("#{user.name} opened issue ##{issue.iid}")
+ expect(body).to have_content("#{safe_name} opened issue ##{issue.iid}")
 end
 it "should have issue comment event" do
- body.should have_content("#{user.name} commented on issue ##{issue.iid}")
+ expect(body).
+ to have_content("#{safe_name} commented on issue ##{issue.iid}")
 end
 end
 end
@@ -40,4 +41,8 @@ describe "User Feed", feature: true do
 def note_event(note, user)
 EventCreateService.new.leave_note(note, user)
 end
+
+ def safe_name
+ html_escape(user.name)
+ end
 end
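Review bot: The two rewritten `have_content` expectations only exercise escaping when the generated `user.name` happens to contain a character that `html_escape` rewrites. For a plain name `safe_name` equals `user.name`, so both specs pass whether or not the feed escapes its output. The definition of `user` is outside the hunk, so this is inferred, but giving the user a fixed name that contains `'`, `&` and `<` would make the escaping check deterministic instead of dependent on random fixture data. It would also be worth one spec that states the property by name, for example `it "should escape the user name in event titles" do`.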
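Review bot: `safe_name` calls `html_escape` with no receiver, and nothing in the hunk shows where it comes from, so the spec depends on some helper module being mixed into the example group. Making the dependency explicit with `ERB::Util.html_escape(user.name)` would keep the helper working if that include changes. A one-line comment above it would record why the expectation uses the escaped form, for example `# The feed is expected to contain the HTML-escaped name (names may include ' or &).` The enclosing `describe "User Feed"` block starts outside the hunk.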