Merge branch 'security-acet-issue-details-11-2' into 'security-11-2'

[11.2] Fix XSS on Issue details page. See merge request gitlab/gitlabhq!2471
author: Bob Van Landuyt <bob@gitlab.com> 2018-09-24 18:45:19 +0300
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-09-24 18:59:52 +0300
commit: 3bfc7a130f3481f1b1b2e5713dd891a1583db492 (patch)
tree: adb8befdf0207346879ffae197005ca5d765bf50 /spec/features
parent: aa76a86217e490b8acd1fa61d72b2a73ecc3d813 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/features/issues/issue_detail_spec.rb b/spec/features/issues/issue_detail_spec.rb
index 088ab114df3..76bc93e9766 100644
--- a/spec/features/issues/issue_detail_spec.rb
+++ b/spec/features/issues/issue_detail_spec.rb
@@ -18,6 +18,23 @@ describe 'Issue Detail', :js do
     end
   end
 
+  context 'when issue description has xss snippet' do
+    before do
+      issue.update!(description: '![xss" onload=alert(1);//](a)')
+      sign_in(user)
+      visit project_issue_path(project, issue)
+      wait_for_requests
+    end
+
+    it 'should encode the description to prevent xss issues' do
+      page.within('.issuable-details .detail-page-description') do
+        expect(page).to have_selector('img', count: 1)
+        expect(find('img')['onerror']).to be_nil
+        expect(find('img')['src']).to end_with('/a')
+      end
+    end
+  end
+
   context 'when edited by a user who is later deleted' do
     before do
       sign_in(user)
author	Bob Van Landuyt <bob@gitlab.com>	2018-09-24 18:45:19 +0300
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-09-24 18:59:52 +0300
commit	3bfc7a130f3481f1b1b2e5713dd891a1583db492 (patch)
tree	adb8befdf0207346879ffae197005ca5d765bf50 /spec/features
parent	aa76a86217e490b8acd1fa61d72b2a73ecc3d813 (diff)