Diffstat (limited to 'spec/helpers/gitlab_script_tag_helper_spec.rb')
-rw-r--r-- | spec/helpers/gitlab_script_tag_helper_spec.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/spec/helpers/gitlab_script_tag_helper_spec.rb b/spec/helpers/gitlab_script_tag_helper_spec.rb
new file mode 100644
index 00000000000..37413b9b1c2
--- /dev/null
+++ b/spec/helpers/gitlab_script_tag_helper_spec.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabScriptTagHelper do
+ before do
+ allow(helper).to receive(:content_security_policy_nonce).and_return('noncevalue')
+ end
+
+ describe 'external script tag' do
+ let(:script_url) { 'test.js' }
+
+ it 'returns a script tag with defer=true and a nonce' do
+ expect(helper.javascript_include_tag(script_url).to_s)
+ .to eq "<script src=\"/javascripts/#{script_url}\" defer=\"defer\" nonce=\"noncevalue\"></script>"
+ end
+ end
+
+ describe 'inline script tag' do
+ let(:tag_with_nonce) {"<script nonce=\"noncevalue\">\n//<![CDATA[\nalert(1)\n//]]>\n</script>"}
+ let(:tag_with_nonce_and_type) {"<script type=\"application/javascript\" nonce=\"noncevalue\">\n//<![CDATA[\nalert(1)\n//]]>\n</script>"}
+
+ it 'returns a script tag with a nonce using block syntax' do
+ expect(helper.javascript_tag { 'alert(1)' }.to_s).to eq tag_with_nonce
+ end
+
+ it 'returns a script tag with a nonce using block syntax with options' do
+ expect(helper.javascript_tag(type: 'application/javascript') { 'alert(1)' }.to_s).to eq tag_with_nonce_and_type
+ end
+
+ it 'returns a script tag with a nonce using argument syntax' do
+ expect(helper.javascript_tag('alert(1)').to_s).to eq tag_with_nonce
+ end
+
+ it 'returns a script tag with a nonce using argument syntax with options' do
+ expect(helper.javascript_tag( 'alert(1)', type: 'application/javascript').to_s).to eq tag_with_nonce_and_type
+ end
+
+ # This scenario does not really make sense, but it's supported so we test it
+ it 'returns a script tag with a nonce using argument and block syntax with options' do
+ expect(helper.javascript_tag( '// ignored', type: 'application/javascript') { 'alert(1)' }.to_s).to eq tag_with_nonce_and_type
+ end
+ end
+end |
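Review bot: Every example runs with `content_security_policy_nonce` stubbed to 'noncevalue' in the top-level `before` block, so the spec never exercises a request that has no nonce (for instance when CSP is disabled and the method returns nil). Worth adding a context that stubs `.and_return(nil)` and asserts the output of both `javascript_include_tag` and `javascript_tag`, e.g. `expect(helper.javascript_tag('alert(1)').to_s).not_to include('nonce=')`, assuming that omitting the attribute is the intended behaviour; the helper itself is not visible here. It would also help to pin what happens when a caller passes its own `nonce:` or `defer:` option, since that decides whether the secure default can be overridden. Minor style: `javascript_tag( 'alert(1)'` has a stray space after the opening paren, and the two `let` blocks in 'inline script tag' lack spaces inside the braces.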