diff options
| author | panjan <panjan@panjan.cz> | 2016-09-30 12:03:16 +0300 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2016-11-01 12:49:30 +0300 |
| commit | 6b4c6fa193d1f831e272b03cec605e702069770c (patch) | |
| tree | 6809014d9116ac7b24453b9962375a66cce145b9 /spec/lib/banzai/pipeline | |
| parent | 266fcfb1935c8aa8c6ac3d2ae71530c441b08675 (diff) | |
Fix Markdown styling inside reference links
Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/18096
Diffstat (limited to 'spec/lib/banzai/pipeline')
| -rw-r--r-- | spec/lib/banzai/pipeline/full_pipeline_spec.rb | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/spec/lib/banzai/pipeline/full_pipeline_spec.rb b/spec/lib/banzai/pipeline/full_pipeline_spec.rb new file mode 100644 index 00000000000..2501b638774 --- /dev/null +++ b/spec/lib/banzai/pipeline/full_pipeline_spec.rb @@ -0,0 +1,28 @@ +require 'rails_helper' + +describe Banzai::Pipeline::FullPipeline do + describe 'References' do + let(:project) { create(:empty_project, :public) } + let(:issue) { create(:issue, project: project) } + + it 'handles markdown inside a reference' do + markdown = "[some `code` inside](#{issue.to_reference})" + result = described_class.call(markdown, project: project) + link_content = result[:output].css('a').inner_html + expect(link_content).to eq('some <code>code</code> inside') + end + + it 'sanitizes reference HTML' do + link_label = '<script>bad things</script>' + markdown = "[#{link_label}](#{issue.to_reference})" + result = described_class.to_html(markdown, project: project) + expect(result).not_to include(link_label) + end + + it 'escapes the data-original attribute on a reference' do + markdown = %Q{[">bad things](#{issue.to_reference})} + result = described_class.to_html(markdown, project: project) + expect(result).to include(%{data-original='\">bad things'}) + end + end +end |