Diffstat (limited to 'spec/frontend/project_select_combo_button_spec.js')
-rw-r--r-- | spec/frontend/project_select_combo_button_spec.js | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/spec/frontend/project_select_combo_button_spec.js b/spec/frontend/project_select_combo_button_spec.js
index 40e7d27edc8..b8d5a1a61f3 100644
--- a/spec/frontend/project_select_combo_button_spec.js
+++ b/spec/frontend/project_select_combo_button_spec.js
@@ -1,4 +1,5 @@
 import $ from 'jquery';
+import { loadHTMLFixture, resetHTMLFixture } from 'helpers/fixtures';
 import ProjectSelectComboButton from '~/project_select_combo_button';
 const fixturePath = 'static/project_select_combo_button.html';
@@ -22,16 +23,25 @@ describe('Project Select Combo Button', () => {
 name: 'My Other Cool Project',
 url: 'http://myothercoolproject.com',
 },
+ vulnerableProject: {
+ name: 'Self XSS',
+ // eslint-disable-next-line no-script-url
+ url: 'javascript:alert(1)',
+ },
 localStorageKey: 'group-12345-new-issue-recent-project',
 relativePath: 'issues/new',
 };
- loadFixtures(fixturePath);
+ loadHTMLFixture(fixturePath);
 testContext.newItemBtn = document.querySelector('.js-new-project-item-link');
 testContext.projectSelectInput = document.querySelector('.project-item-select');
 });
+ afterEach(() => {
+ resetHTMLFixture();
+ });
+
 describe('on page load when localStorage is empty', () => {
 beforeEach(() => {
 testContext.comboButton = new ProjectSelectComboButton(testContext.projectSelectInput);
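Review bot: The `vulnerableProject` entry pins a single lowercase `javascript:` literal, so the spec that consumes it only proves that this exact string is rejected. If the sanitizer works by scheme, a small table of unsafe inputs (mixed-case scheme, leading whitespace, another non-http scheme such as `data:`) driven through `it.each` would catch a regression to a naive prefix check. The name also reads as if the project were vulnerable rather than the input hostile; `unsafeUrlProject` plus a comment such as `// untrusted project URL with a script scheme; must never reach the button href` would state the intent. The `beforeEach` holding these lines starts above the hunk.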
@@ -99,6 +109,25 @@ describe('Project Select Combo Button', () => {
 });
 });
+ describe('after selecting a vulnerable project', () => {
+ beforeEach(() => {
+ testContext.comboButton = new ProjectSelectComboButton(testContext.projectSelectInput);
+
+ // mock the effect of selecting an item from the projects dropdown (select2)
+ $('.project-item-select')
+ .val(JSON.stringify(testContext.defaults.vulnerableProject))
+ .trigger('change');
+ });
+
+ it('newItemBtn href is correctly sanitized', () => {
+ expect(testContext.newItemBtn.getAttribute('href')).toBe('about:blank');
+ });
+
+ afterEach(() => {
+ window.localStorage.clear();
+ });
+ });
+
 describe('deriveTextVariants', () => {
 beforeEach(() => {
 testContext.mockExecutionContext = { |
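Review bot: The new `describe` exercises only the select2 `change` path, yet the selection appears to be persisted: its `afterEach` clears `window.localStorage`, and a sibling block is titled 'on page load when localStorage is empty'. A stored unsafe URL read back when the button is constructed would then be a second route into the same `href`, and this spec leaves it untested. I would add a block that seeds localStorage with the unsafe entry before constructing the button and asserts the same `about:blank` result, as sketched below. Whether the component reads `testContext.defaults.localStorageKey` is not visible in this hunk, so confirm the key against the existing page-load specs.

```javascript
// … unchanged: describe('after selecting a vulnerable project') …

describe('on page load when localStorage holds a project with an unsafe URL', () => {
  beforeEach(() => {
    window.localStorage.setItem(
      testContext.defaults.localStorageKey,
      JSON.stringify(testContext.defaults.vulnerableProject),
    );
    testContext.comboButton = new ProjectSelectComboButton(testContext.projectSelectInput);
  });

  afterEach(() => {
    window.localStorage.clear();
  });

  it('newItemBtn href is correctly sanitized', () => {
    expect(testContext.newItemBtn.getAttribute('href')).toBe('about:blank');
  });
});
```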