diff options
author | Robert Speicher <robert@gitlab.com> | 2017-05-03 01:25:58 +0300 |
---|---|---|
committer | Bob Van Landuyt <bob@gitlab.com> | 2017-05-10 17:44:20 +0300 |
commit | da13d1af3ecfdf124d63c5cf53aca6cac8a9f36d (patch) | |
tree | b35444a3ade5da3ca2258c81568937635880d3c9 /spec/lib/gitlab/asciidoc_spec.rb | |
parent | 99996b6bc7c13e7e7f871919942907b380d4b58c (diff) |
Merge branch 'bvl-security-9-1-validate-urls-in-markdown-using-uri'
(security-9-1) Add correct `rel` attributes to external links when rendering markdown
See merge request !2097
Diffstat (limited to 'spec/lib/gitlab/asciidoc_spec.rb')
-rw-r--r-- | spec/lib/gitlab/asciidoc_spec.rb | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/spec/lib/gitlab/asciidoc_spec.rb b/spec/lib/gitlab/asciidoc_spec.rb index f284dd14cec..2c7ebb15fd7 100644 --- a/spec/lib/gitlab/asciidoc_spec.rb +++ b/spec/lib/gitlab/asciidoc_spec.rb @@ -25,6 +25,21 @@ module Gitlab expect(render(input, context)).to eq(html) end + context "with asciidoc_opts" do + it "merges the options with default ones" do + expected_asciidoc_opts = { + safe: :secure, + backend: :gitlab_html5, + attributes: described_class::DEFAULT_ADOC_ATTRS + } + + expect(Asciidoctor).to receive(:convert) + .with(input, expected_asciidoc_opts).and_return(html) + + render(input, context) + end + end + context "XSS" do links = { 'links' => { @@ -52,7 +67,7 @@ module Gitlab it 'adds the `rel` attribute to the link' do output = render('link:https://google.com[Google]', context) - expect(output).to include('rel="nofollow noreferrer"') + expect(output).to include('rel="nofollow noreferrer noopener"') end end end |