diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 15:52:24 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 15:52:24 +0300 |
commit | b56d907a1d9065c3df354007fa00daf30626a478 (patch) | |
tree | 0868c35228207eece8e012bdc47a8829556d7758 /spec/lib/banzai | |
parent | aee004311cd93409176ea4f6e2bdcd0601487e4b (diff) |
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'spec/lib/banzai')
-rw-r--r-- | spec/lib/banzai/filter/spaced_link_filter_spec.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/spec/lib/banzai/filter/spaced_link_filter_spec.rb b/spec/lib/banzai/filter/spaced_link_filter_spec.rb index 2c64657d69d..820ebeb6945 100644 --- a/spec/lib/banzai/filter/spaced_link_filter_spec.rb +++ b/spec/lib/banzai/filter/spaced_link_filter_spec.rb @@ -63,6 +63,16 @@ RSpec.describe Banzai::Filter::SpacedLinkFilter do end end + it 'does not process malicious input' do + Timeout.timeout(10) do + doc = filter('[ (](' * 60_000) + + found_links = doc.css('a') + + expect(found_links.size).to eq(0) + end + end + it 'converts multiple URLs' do link1 = '[first](slug one)' link2 = '[second](http://example.com/slug two)' |