Merge branch 'security-katex-dos-master' into 'master'

Enforce max chars and max render time in markdown math See merge request gitlab/gitlabhq!3277
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-30 00:34:07 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-30 00:34:07 +0300
commit: 4ed9802a40a992bfd5c8bf2c41499d54e44aff5a (patch)
tree: bc0b536a246b253e63097771d6717e35a69610b4 /spec/features/markdown
parent: 7d6edff6f3c7483ac588160bdf4e43ec8d0ad5d9 (diff)
parent: 20e8c92410d93c39f4a800941d0c633f949e7790 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/spec/features/markdown/math_spec.rb b/spec/features/markdown/math_spec.rb
index 68d99b4241a..76eef66c517 100644
--- a/spec/features/markdown/math_spec.rb
+++ b/spec/features/markdown/math_spec.rb
@@ -34,7 +34,9 @@ describe 'Math rendering', :js do
 
     visit project_issue_path(project, issue)
 
-    expect(page).to have_selector('.katex-error', text: "\href{javascript:alert('xss');}{xss}")
-    expect(page).to have_selector('.katex-html a', text: 'Gitlab')
+    page.within '.description > .md' do
+      expect(page).to have_selector('.katex-error')
+      expect(page).to have_selector('.katex-html a', text: 'Gitlab')
+    end
   end
 end
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-30 00:34:07 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-30 00:34:07 +0300
commit	4ed9802a40a992bfd5c8bf2c41499d54e44aff5a (patch)
tree	bc0b536a246b253e63097771d6717e35a69610b4 /spec/features/markdown
parent	7d6edff6f3c7483ac588160bdf4e43ec8d0ad5d9 (diff)
parent	20e8c92410d93c39f4a800941d0c633f949e7790 (diff)