Merge branch 'fl-fix-milestone-bug-10-6' into 'security-10-6'

Escape miletone attribute when appending to the DOM See merge request gitlab/gitlabhq!2359
author: Phil Hughes <me@iamphill.com> 2018-03-20 13:09:38 +0300
committer: Filipa Lacerda <filipa@gitlab.com> 2018-04-03 16:33:58 +0300
commit: f2ca442971ff7c416e116143a95078226d719ee2 (patch)
tree: d74f0ed68d983db154f09a3d736bfabae3319e6e /spec
parent: 3e3c05b848f5675be24e2edc9fe573b781fba1dd (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/features/issues/form_spec.rb b/spec/features/issues/form_spec.rb
index ef6b8edd0ad..b08d8e4016b 100644
--- a/spec/features/issues/form_spec.rb
+++ b/spec/features/issues/form_spec.rb
@@ -226,6 +226,23 @@ describe 'New/edit issue', :js do
 
       expect(page).to have_selector('.atwho-view')
     end
+
+    describe 'milestone' do
+      let!(:milestone) { create(:milestone, title: '">&lt;img src=x onerror=alert(document.domain)&gt;', project: project) }
+
+      it 'escapes milestone' do
+        click_button 'Milestone'
+
+        page.within '.issue-milestone' do
+          click_link milestone.title
+        end
+
+        page.within '.js-milestone-select' do
+          expect(page).to have_content milestone.title
+          expect(page).not_to have_selector 'img'
+        end
+      end
+    end
   end
 
   context 'edit issue' do
author	Phil Hughes <me@iamphill.com>	2018-03-20 13:09:38 +0300
committer	Filipa Lacerda <filipa@gitlab.com>	2018-04-03 16:33:58 +0300
commit	f2ca442971ff7c416e116143a95078226d719ee2 (patch)
tree	d74f0ed68d983db154f09a3d736bfabae3319e6e /spec
parent	3e3c05b848f5675be24e2edc9fe573b781fba1dd (diff)