Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/features/projects/wiki
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-03-03 18:08:08 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-03-03 18:08:08 +0300
commit946771d0b016ae92b15a60bc3290a33b94191ffe (patch)
tree64862c2433989483f5fce45d5539242577a362eb /spec/features/projects/wiki
parentf1e2fca19a90a6992c2020cf8c2159cfb0b61bca (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/features/projects/wiki')
-rw-r--r--spec/features/projects/wiki/user_views_wiki_page_spec.rb36
1 files changed, 35 insertions, 1 deletions
diff --git a/spec/features/projects/wiki/user_views_wiki_page_spec.rb b/spec/features/projects/wiki/user_views_wiki_page_spec.rb
index 1a9cde4571e..8a338756323 100644
--- a/spec/features/projects/wiki/user_views_wiki_page_spec.rb
+++ b/spec/features/projects/wiki/user_views_wiki_page_spec.rb
@@ -33,6 +33,8 @@ describe 'User views a wiki page' do
fill_in(:wiki_content, with: 'wiki content')
click_on('Create page')
end
+
+ expect(page).to have_content('Wiki was successfully updated.')
end
it 'shows the history of a page that has a path' do
@@ -62,8 +64,10 @@ describe 'User views a wiki page' do
expect(page).to have_content('Edit Page')
fill_in('Content', with: 'Updated Wiki Content')
-
click_on('Save changes')
+
+ expect(page).to have_content('Wiki was successfully updated.')
+
click_on('Page history')
page.within(:css, '.nav-text') do
@@ -132,6 +136,36 @@ describe 'User views a wiki page' do
end
end
+ context 'when a page has special characters in its title' do
+ let(:title) { '<foo> !@#$%^&*()[]{}=_+\'"\\|<>? <bar>' }
+
+ before do
+ wiki_page.update(title: title )
+ end
+
+ it 'preserves the special characters' do
+ visit(project_wiki_path(project, wiki_page))
+
+ expect(page).to have_css('.wiki-page-title', text: title)
+ expect(page).to have_css('.wiki-pages li', text: title)
+ end
+ end
+
+ context 'when a page has XSS in its title or content' do
+ let(:title) { '<script>alert("title")<script>' }
+
+ before do
+ wiki_page.update(title: title, content: 'foo <script>alert("content")</script> bar')
+ end
+
+ it 'safely displays the page' do
+ visit(project_wiki_path(project, wiki_page))
+
+ expect(page).to have_css('.wiki-page-title', text: title)
+ expect(page).to have_content('foo bar')
+ end
+ end
+
context 'when a page has XSS in its message' do
before do
wiki_page.update(message: '<script>alert(true)<script>', content: 'XSS update')
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 18:00:56 +0300