author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-30 00:34:07 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-30 00:34:07 +0300 |
commit | 4ed9802a40a992bfd5c8bf2c41499d54e44aff5a (patch) | |
tree | bc0b536a246b253e63097771d6717e35a69610b4 /spec | |
parent | 7d6edff6f3c7483ac588160bdf4e43ec8d0ad5d9 (diff) | |
parent | 20e8c92410d93c39f4a800941d0c633f949e7790 (diff) |
Merge branch 'security-katex-dos-master' into 'master'
Enforce max chars and max render time in markdown math
See merge request gitlab/gitlabhq!3277
Diffstat (limited to 'spec')
-rw-r--r-- | spec/features/markdown/math_spec.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/spec/features/markdown/math_spec.rb b/spec/features/markdown/math_spec.rb
index 68d99b4241a..76eef66c517 100644
--- a/spec/features/markdown/math_spec.rb
+++ b/spec/features/markdown/math_spec.rb
@@ -34,7 +34,9 @@ describe 'Math rendering', :js do
 visit project_issue_path(project, issue)
- expect(page).to have_selector('.katex-error', text: "\href{javascript:alert('xss');}{xss}")
- expect(page).to have_selector('.katex-html a', text: 'Gitlab')
+ page.within '.description > .md' do
+ expect(page).to have_selector('.katex-error')
+ expect(page).to have_selector('.katex-html a', text: 'Gitlab')
+ end
 end
 end |
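Review bot: The rewritten `.katex-error` expectation inside the `page.within '.description > .md'` block no longer ties the error element to the `\href{javascript:...}` input, so the example passes whenever any math in the description fails to render, and nothing asserts that no script link was emitted. Adding `expect(page).not_to have_selector('a[href^="javascript:"]')` inside the block would keep the XSS regression pinned without depending on the exact error text. The diffstat for spec/ lists this file as the only spec change, so the character limit and render-time limit named in the commit title appear to have no coverage under spec/. A case with an over-limit expression that asserts how it is displayed would guard the DoS fix against regressing. The enclosing `it` block starts outside the hunk, so the issue description used as input is not visible here.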