Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/banzai/filter/abstract_reference_filter_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/banzai/filter/abstract_reference_filter_spec.rb')
-rw-r--r--spec/lib/banzai/filter/abstract_reference_filter_spec.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/lib/banzai/filter/abstract_reference_filter_spec.rb b/spec/lib/banzai/filter/abstract_reference_filter_spec.rb
index 798112d0f53..6890a70518b 100644
--- a/spec/lib/banzai/filter/abstract_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/abstract_reference_filter_spec.rb
@@ -20,6 +20,18 @@ describe Banzai::Filter::AbstractReferenceFilter do
end
end
+ describe '#data_attributes_for' do
+ let_it_be(:issue) { create(:issue, project: project) }
+
+ it 'is not an XSS vector' do
+ allow(described_class).to receive(:object_class).and_return(Issue)
+
+ data_attributes = filter.data_attributes_for('xss <img onerror=alert(1) src=x>', project, issue, link_content: true)
+
+ expect(data_attributes[:original]).to eq('xss <img onerror=alert(1) src=x>')
+ end
+ end
+
describe '#parent_per_reference' do
it 'returns a Hash containing projects grouped per parent paths' do
expect(filter).to receive(:references_per_parent)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 05:46:19 +0300