Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2021-03-13 21:09:34 +00:00
parent 3af8411113
commit c6f92ec0f1
1 changed files with 6 additions and 0 deletions

@ -105,3 +105,9 @@ element.appendChild(sanitize(unsafeHtml));
This `sanitize` function takes the same configuration as the
original.
### Fixing Security Issues
When refactoring old code, it's important that we don't accidentally remove specs written to catch security issues which might still be relevant.
We should mark specs with `#security` in either the `describe` or `it` blocks to communicate to the engineer reading the code that by removing these specs could have severe consequences down the road, and you are removing code that could catch a reintroduction of a security issue.
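
Review bot: The second added sentence under "Fixing Security Issues" does not parse ("that by removing these specs could have severe consequences") and switches from "we" to "you" partway through. Suggested wording: "We should mark specs with `#security` in either the `describe` or `it` blocks to signal to the engineer reading the code that removing these specs could have severe consequences, because they may catch the reintroduction of a security issue." The text also does not say where the `#security` marker goes (inside the description string of the `describe`/`it` call, or as a comment next to it), so a short snippet showing one tagged spec would remove the ambiguity. Finally, the heading suggests guidance on how to fix security issues, while both sentences are about keeping and marking security specs during refactoring; a title that says so would make the section easier to find.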