From e74879280f0cbf48fa0dcf8031e711cc51c9183f Mon Sep 17 00:00:00 2001
From: Bob Van Landuyt <bob@vanlanduyt.co>
Date: Wed, 28 Feb 2018 09:06:18 +0100
Subject: Allow maintainers to edit directly in a fork

---
 spec/helpers/tree_helper_spec.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'spec/helpers')

diff --git a/spec/helpers/tree_helper_spec.rb b/spec/helpers/tree_helper_spec.rb
index d3b1be599dd..ccac6e29447 100644
--- a/spec/helpers/tree_helper_spec.rb
+++ b/spec/helpers/tree_helper_spec.rb
@@ -62,4 +62,13 @@ describe TreeHelper do
       end
     end
   end
+
+  describe '#commit_in_single_accessible_branch' do
+    it 'escapes HTML from the branch name' do
+      helper.instance_variable_set(:@branch_name, "<script>alert('escape me!');</script>")
+      escaped_branch_name = '&lt;script&gt;alert(&#39;escape me!&#39;);&lt;/script&gt;'
+
+      expect(helper.commit_in_single_accessible_branch).to include(escaped_branch_name)
+    end
+  end
 end
-- 
cgit v1.2.3