Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/frontend/popovers/components/popovers_spec.js
diff options
context:
space:
mode:
Diffstat (limited to 'spec/frontend/popovers/components/popovers_spec.js')
-rw-r--r--spec/frontend/popovers/components/popovers_spec.js25
1 files changed, 14 insertions, 11 deletions
diff --git a/spec/frontend/popovers/components/popovers_spec.js b/spec/frontend/popovers/components/popovers_spec.js
index 25c509346d1..2751a878e51 100644
--- a/spec/frontend/popovers/components/popovers_spec.js
+++ b/spec/frontend/popovers/components/popovers_spec.js
@@ -54,17 +54,20 @@ describe('popovers/components/popovers.vue', () => {
expect(wrapper.findAll(GlPopover)).toHaveLength(1);
});
- it('supports HTML content', async () => {
- const content = 'content with <b>HTML</b>';
- await buildWrapper(
- createPopoverTarget({
- content,
- html: true,
- }),
- );
- const html = wrapper.find(GlPopover).html();
-
- expect(html).toContain(content);
+ describe('supports HTML content', () => {
+ const svgIcon = '<svg><use xlink:href="icons.svg#test"></use></svg>';
+
+ it.each`
+ description | content | render
+ ${'renders html content correctly'} | ${'<b>HTML</b>'} | ${'<b>HTML</b>'}
+ ${'removes any unsafe content'} | ${'<script>alert(XSS)</script>'} | ${''}
+ ${'renders svg icons correctly'} | ${svgIcon} | ${svgIcon}
+ `('$description', async ({ content, render }) => {
+ await buildWrapper(createPopoverTarget({ content, html: true }));
+
+ const html = wrapper.find(GlPopover).html();
+ expect(html).toContain(render);
+ });
});
it.each`
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 22:09:49 +0300