diff options
Diffstat (limited to 'spec/frontend/integrations/edit/components/dynamic_field_spec.js')
| -rw-r--r-- | spec/frontend/integrations/edit/components/dynamic_field_spec.js | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/spec/frontend/integrations/edit/components/dynamic_field_spec.js b/spec/frontend/integrations/edit/components/dynamic_field_spec.js index 8784b3c2b00..da8a2f41c1b 100644 --- a/spec/frontend/integrations/edit/components/dynamic_field_spec.js +++ b/spec/frontend/integrations/edit/components/dynamic_field_spec.js @@ -182,6 +182,19 @@ describe('DynamicField', () => { expect(findGlFormGroup().find('small').html()).toContain(helpHTML); }); + + it('strips unsafe HTML from the help text', () => { + const helpHTML = + '[<code>1</code> <iframe>2</iframe> <a href="javascript:alert(document.cookie)">3</a> <a href="foo" target="_blank">4</a>]'; + + createComponent({ + help: helpHTML, + }); + + expect(findGlFormGroup().find('small').html()).toContain( + '[<code>1</code> <a>3</a> <a target="_blank" href="foo">4</a>]', + ); + }); }); describe('label text', () => { |