diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-23 21:09:46 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-23 21:09:46 +0300 |
commit | fdd0b0fd4592c74257980d07878db75705d22192 (patch) | |
tree | fcf923555aed86fea3842f1074ec45d2864db20c /qa | |
parent | 9a9415ab127d5e660c09113238a6fb0a895218e9 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'qa')
-rw-r--r-- | qa/qa/page/component/select2.rb | 2 | ||||
-rw-r--r-- | qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb | 39 |
2 files changed, 16 insertions, 25 deletions
diff --git a/qa/qa/page/component/select2.rb b/qa/qa/page/component/select2.rb index e667fad1dd3..7e3308c0c8f 100644 --- a/qa/qa/page/component/select2.rb +++ b/qa/qa/page/component/select2.rb @@ -36,7 +36,7 @@ module QA end def dropdown_open? - has_css?('.select2-input') + find('.select2-focusser').disabled? end end end diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb index 9ae7f566452..57d2c02a27b 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb @@ -3,42 +3,33 @@ module QA context 'Plan', :reliable do describe 'check xss occurence in @mentions in issues', :requires_admin do - let(:user) do - Resource::User.fabricate_via_api! do |user| - user.name = "eve <img src=x onerror=alert(2)<img src=x onerror=alert(1)>" - user.password = "test1234" - end - end - - let(:project) do - Resource::Project.fabricate_via_api! do |project| - project.name = 'xss-test-for-mentions-project' - project.add_member(user) - end - end - - let(:issue) do - Resource::Issue.fabricate_via_api! do |issue| - issue.project = project - end - end - - before do + it 'mentions a user in a comment' do QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token unless QA::Runtime::Env.personal_access_token Flow::Login.sign_in_as_admin end + user = Resource::User.fabricate_via_api! do |user| + user.name = "eve <img src=x onerror=alert(2)<img src=x onerror=alert(1)>" + user.password = "test1234" + end + QA::Runtime::Env.personal_access_token = nil Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) } Flow::Login.sign_in - end - it 'mentions a user in a comment' do - issue.visit! + project = Resource::Project.fabricate_via_api! do |project| + project.name = 'xss-test-for-mentions-project' + end + + Flow::Project.add_member(project: project, username: user.username) + + Resource::Issue.fabricate_via_api! do |issue| + issue.project = project + end.visit! Page::Project::Issue::Show.perform do |show| show.select_all_activities_filter |