
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'spec/frontend/project_select_combo_button_spec.js')
-rw-r--r--spec/frontend/project_select_combo_button_spec.js31
1 files changed, 30 insertions, 1 deletions
diff --git a/spec/frontend/project_select_combo_button_spec.js b/spec/frontend/project_select_combo_button_spec.js
index 40e7d27edc8..b8d5a1a61f3 100644
--- a/spec/frontend/project_select_combo_button_spec.js
+++ b/spec/frontend/project_select_combo_button_spec.js
@@ -1,4 +1,5 @@
import $ from 'jquery';
+import { loadHTMLFixture, resetHTMLFixture } from 'helpers/fixtures';
import ProjectSelectComboButton from '~/project_select_combo_button';
const fixturePath = 'static/project_select_combo_button.html';
@@ -22,16 +23,25 @@ describe('Project Select Combo Button', () => {
name: 'My Other Cool Project',
url: 'http://myothercoolproject.com',
},
+ vulnerableProject: {
+ name: 'Self XSS',
+ // eslint-disable-next-line no-script-url
+ url: 'javascript:alert(1)',
+ },
localStorageKey: 'group-12345-new-issue-recent-project',
relativePath: 'issues/new',
};
- loadFixtures(fixturePath);
+ loadHTMLFixture(fixturePath);
testContext.newItemBtn = document.querySelector('.js-new-project-item-link');
testContext.projectSelectInput = document.querySelector('.project-item-select');
});
+ afterEach(() => {
+ resetHTMLFixture();
+ });
+
describe('on page load when localStorage is empty', () => {
beforeEach(() => {
testContext.comboButton = new ProjectSelectComboButton(testContext.projectSelectInput);
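Review bot: The new `vulnerableProject` entry in `defaults` is named after the defect rather than after what the fixture is, which is a project whose `url` carries a `javascript:` scheme. A name such as `projectWithScriptUrl`, or a one-line comment like `// url uses a script scheme on purpose; it must never reach the href as-is`, would tell the next reader why `no-script-url` is disabled on that line. The enclosing `beforeEach` and the `defaults` object start outside this hunk.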
@@ -99,6 +109,25 @@ describe('Project Select Combo Button', () => {
});
});
+ describe('after selecting a vulnerable project', () => {
+ beforeEach(() => {
+ testContext.comboButton = new ProjectSelectComboButton(testContext.projectSelectInput);
+
+ // mock the effect of selecting an item from the projects dropdown (select2)
+ $('.project-item-select')
+ .val(JSON.stringify(testContext.defaults.vulnerableProject))
+ .trigger('change');
+ });
+
+ it('newItemBtn href is correctly sanitized', () => {
+ expect(testContext.newItemBtn.getAttribute('href')).toBe('about:blank');
+ });
+
+ afterEach(() => {
+ window.localStorage.clear();
+ });
+ });
+
describe('deriveTextVariants', () => {
beforeEach(() => {
testContext.mockExecutionContext = {
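Review bot: The added `describe('after selecting a vulnerable project', ...)` checks the sanitized href only when the value arrives through the select `change` event. The fixture carries a `localStorageKey` and the suite has an 'on page load' block, so the component presumably also restores a stored project when it is constructed, and that path has no equivalent assertion here. A sibling block that seeds localStorage with the same fixture before constructing the component would cover it; the stored format in the sketch below is assumed to match what the change handler writes and should be confirmed against the component.

```javascript
describe('on page load when localStorage holds a vulnerable project', () => {
  beforeEach(() => {
    // assumed storage format: the JSON-serialised project object
    window.localStorage.setItem(
      testContext.defaults.localStorageKey,
      JSON.stringify(testContext.defaults.vulnerableProject),
    );
    testContext.comboButton = new ProjectSelectComboButton(testContext.projectSelectInput);
  });

  afterEach(() => {
    window.localStorage.clear();
  });

  it('newItemBtn href is correctly sanitized', () => {
    expect(testContext.newItemBtn.getAttribute('href')).toBe('about:blank');
  });
});
```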