7e1f7a02db
Fix XSS in rdoc and other markups See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2058
22 lines
504 B
Ruby
22 lines
504 B
Ruby
require 'spec_helper'
|
|
|
|
describe Gitlab::OtherMarkup, lib: true do
|
|
context "XSS Checks" do
|
|
links = {
|
|
'links' => {
|
|
file: 'file.rdoc',
|
|
input: 'XSS[JaVaScriPt:alert(1)]',
|
|
output: '<p><a>XSS</a></p>'
|
|
}
|
|
}
|
|
links.each do |name, data|
|
|
it "does not convert dangerous #{name} into HTML" do
|
|
expect(render(data[:file], data[:input], context)).to eql data[:output]
|
|
end
|
|
end
|
|
end
|
|
|
|
def render(*args)
|
|
described_class.render(*args)
|
|
end
|
|
end
|