diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 17:30:51 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 17:30:51 +0300 |
commit | e74db6bfa85dbeb243dafcdbf03c0e5aff3f6069 (patch) | |
tree | b10184090863fcb73ebcc444cc6123cdfd7f9520 /spec/frontend/projects | |
parent | 5370ec1c3d27d646be672039e78161d22b1e2a80 (diff) |
Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee
Diffstat (limited to 'spec/frontend/projects')
-rw-r--r-- | spec/frontend/projects/settings/access_dropdown_spec.js | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/frontend/projects/settings/access_dropdown_spec.js b/spec/frontend/projects/settings/access_dropdown_spec.js index 65b01172e7e..d51360a7597 100644 --- a/spec/frontend/projects/settings/access_dropdown_spec.js +++ b/spec/frontend/projects/settings/access_dropdown_spec.js @@ -159,4 +159,21 @@ describe('AccessDropdown', () => { expect(template).not.toContain(user.name); }); }); + + describe('deployKeyRowHtml', () => { + const deployKey = { + id: 1, + title: 'title <script>alert(document.domain)</script>', + fullname: 'fullname <script>alert(document.domain)</script>', + avatar_url: '', + username: '', + }; + + it('escapes deploy key title and fullname', () => { + const template = dropdown.deployKeyRowHtml(deployKey); + + expect(template).not.toContain(deployKey.title); + expect(template).not.toContain(deployKey.fullname); + }); + }); }); |