Add latest changes from gitlab-org/security/gitlab@15-5-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-01 14:52:52 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-01 14:53:21 +0300
commit: b64b61bfe72c54fe4a7fdce34b2f1591e3822e5e (patch)
tree: c8d24132d4bd3c77a3c34a899c79f95756832b5e /spec/features/projects/blobs/blob_show_spec.rb
parent: 430576c997e7cfc61b003cf6dbf12817ef899eef (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/spec/features/projects/blobs/blob_show_spec.rb b/spec/features/projects/blobs/blob_show_spec.rb
index 93e5be18229..d679d1eeeb9 100644
--- a/spec/features/projects/blobs/blob_show_spec.rb
+++ b/spec/features/projects/blobs/blob_show_spec.rb
@@ -1001,11 +1001,9 @@ RSpec.describe 'File blob', :js do
         wait_for_requests
       end
 
-      it 'removes `style`, `class`, and `data-*`` attributes from HTML' do
-        expect(page).to have_css('h1', text: 'Swagger API documentation')
-        expect(page).not_to have_css('.foo-bar')
-        expect(page).not_to have_css('[style="background-color: red;"]')
-        expect(page).not_to have_css('[data-foo-bar="baz"]')
+      it 'renders sandboxed iframe' do
+        expected = %(<iframe src="/-/sandbox/swagger" sandbox="allow-scripts" frameborder="0" width="100%" height="1000">)
+        expect(page.html).to include(expected)
       end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-01 14:52:52 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-01 14:53:21 +0300
commit	b64b61bfe72c54fe4a7fdce34b2f1591e3822e5e (patch)
tree	c8d24132d4bd3c77a3c34a899c79f95756832b5e /spec/features/projects/blobs/blob_show_spec.rb
parent	430576c997e7cfc61b003cf6dbf12817ef899eef (diff)