Merge branch 'security-ide-branch-name-xss' into 'master'

[master] Fixed XSS in branch name in Web IDE See merge request gitlab/gitlabhq!2431
author: Felipe Artur Cardozo <fcardozo@gitlab.com> 2018-07-27 00:16:24 +0300
committer: Felipe Artur Cardozo <fcardozo@gitlab.com> 2018-07-27 00:16:24 +0300
commit: 9852304befb88cd112cb681ff5cca0c31cd2ddd4 (patch)
tree: 67f5a155322f213a8b7b756b83ae4633153671b6 /spec/javascripts
parent: dae85363e363cc92e335808b2bd4e0608d92d760 (diff)
parent: 0a59ccac61d16dde068d3a78a04060265dd34e28 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/spec/javascripts/ide/components/commit_sidebar/actions_spec.js b/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
index 27f10caccb1..3a5d6c8a90b 100644
--- a/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
+++ b/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
@@ -46,4 +46,12 @@ describe('IDE commit sidebar actions', () => {
       done();
     });
   });
+
+  describe('commitToCurrentBranchText', () => {
+    it('escapes current branch', () => {
+      vm.$store.state.currentBranchId = '<img src="x" />';
+
+      expect(vm.commitToCurrentBranchText).not.toContain('<img src="x" />');
+    });
+  });
 });
author	Felipe Artur Cardozo <fcardozo@gitlab.com>	2018-07-27 00:16:24 +0300
committer	Felipe Artur Cardozo <fcardozo@gitlab.com>	2018-07-27 00:16:24 +0300
commit	9852304befb88cd112cb681ff5cca0c31cd2ddd4 (patch)
tree	67f5a155322f213a8b7b756b83ae4633153671b6 /spec/javascripts
parent	dae85363e363cc92e335808b2bd4e0608d92d760 (diff)
parent	0a59ccac61d16dde068d3a78a04060265dd34e28 (diff)