# frozen_string_literal: true require 'spec_helper' RSpec.describe CommitsHelper do describe 'commit_author_link' do it 'escapes the author email' do commit = double( author: nil, author_name: 'Persistent XSS', author_email: 'my@email.com" onmouseover="alert(1)' ) expect(helper.commit_author_link(commit)) .not_to include('onmouseover="alert(1)"') end it 'escapes the author name' do user = build_stubbed(:user, name: 'Foo ') commit = double(author: user, author_name: '', author_email: '') expect(helper.commit_author_link(commit)) .to include('Foo <script>') expect(helper.commit_author_link(commit, avatar: true)) .to include('commit-author-name', 'js-user-link', 'Foo <script>') end end describe 'commit_committer_link' do it 'escapes the committer email' do commit = double( committer: nil, committer_name: 'Persistent XSS', committer_email: 'my@email.com" onmouseover="alert(1)' ) expect(helper.commit_committer_link(commit)) .not_to include('onmouseover="alert(1)"') end it 'escapes the committer name' do user = build_stubbed(:user, name: 'Foo ') commit = double(committer: user, committer_name: '', committer_email: '') expect(helper.commit_committer_link(commit)) .to include('Foo <script>') expect(helper.commit_committer_link(commit, avatar: true)) .to include('commit-committer-name', 'Foo <script>') end end describe '#view_on_environment_button' do let(:project) { create(:project) } let(:environment) { create(:environment, external_url: 'http://example.com') } let(:path) { 'source/file.html' } let(:sha) { RepoHelpers.sample_commit.id } before do allow(environment).to receive(:external_url_for).with(path, sha).and_return('http://example.com/file.html') end it 'returns a link tag linking to the file in the environment' do html = helper.view_on_environment_button(sha, path, environment) node = Nokogiri::HTML.parse(html).at_css('a') expect(node[:title]).to eq('View on example.com') expect(node[:href]).to eq('http://example.com/file.html') end end describe '#commit_to_html' do let(:project) { create(:project, :repository) } let(:ref) { 'master' } let(:commit) { project.commit(ref) } it 'renders HTML representation of a commit' do assign(:project, project) allow(helper).to receive(:current_user).and_return(project.owner) expect(helper.commit_to_html(commit, ref, project)).to include('