From 37f194bbc19045abe013a58274494c1a6c8bbdd5 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 1 Jun 2022 07:28:22 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee
---
 spec/frontend/gfm_auto_complete_spec.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'spec/frontend')
diff --git a/spec/frontend/gfm_auto_complete_spec.js b/spec/frontend/gfm_auto_complete_spec.js
index aa98b2774ea..552377e3381 100644
--- a/spec/frontend/gfm_auto_complete_spec.js
+++ b/spec/frontend/gfm_auto_complete_spec.js
@@ -868,4 +868,19 @@ describe('GfmAutoComplete', () => {
 );
 });
 });
+
+ describe('Contacts', () => {
+ it('escapes name and email correct', () => {
+ const xssPayload = '';
+ const escapedPayload = '<script>alert(1)</script>';
+
+ expect(
+ GfmAutoComplete.Contacts.templateFunction({
+ email: xssPayload,
+ firstName: xssPayload,
+ lastName: xssPayload,
+ }),
+ ).toBe(`
  • ${escapedPayload} ${escapedPayload} ${escapedPayload}
  • `);
+ });
+ });
 });
-- cgit v1.2.3
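Review bot: The new `Contacts` test passes the same value as `email`, `firstName` and `lastName`, so it shows that all three are escaped but cannot tell whether each field lands in its intended slot of the template; three distinct values would pin both. As far as the visible lines show, the single payload exercises only angle brackets (the literals appear altered by this page's rendering, so this is inferred); adding `"`, `'` and `&` to the input would confirm the escaping still holds if these fields are ever placed in an attribute. The title reads better as `it('escapes name and email correctly', () => {`. The escaping change under test is not part of this hunk, so this review covers the spec only.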