From 54636e1d4293a8465a772020a54b6193d7df9878 Mon Sep 17 00:00:00 2001
From: Phil Hughes
Date: Tue, 9 Jan 2018 08:39:22 +0000
Subject: Merge branch 'fl-ipythin-10-3' into 'security-10-3'
Port of [10.2] Sanitizes IPython notebook output
See merge request gitlab/gitlabhq!2285
(cherry picked from commit 1c46e031c70706450a8e0ae730f4c323b72f9e4c)
aac035fe Port of [10.2] Sanitizes IPython notebook output
---
 spec/javascripts/notebook/cells/markdown_spec.js | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'spec/javascripts/notebook/cells/markdown_spec.js')
diff --git a/spec/javascripts/notebook/cells/markdown_spec.js b/spec/javascripts/notebook/cells/markdown_spec.js
index a88e9ed3d99..db2a16b0b68 100644
--- a/spec/javascripts/notebook/cells/markdown_spec.js
+++ b/spec/javascripts/notebook/cells/markdown_spec.js
@@ -42,6 +42,18 @@ describe('Markdown component', () => {
 expect(vm.$el.querySelector('.markdown h1')).not.toBeNull();
 });
 
+ it('sanitizes output', (done) => {
+ Object.assign(cell, {
+ source: ['[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+Cg==)\n'],
+ });
+
+ Vue.nextTick(() => {
+ expect(vm.$el.querySelector('a').getAttribute('href')).toBeNull();
+
+ done();
+ });
+ });
+
 describe('katex', () => {
 beforeEach(() => {
 json = getJSONFixture('blob/notebook/math.json');
-- cgit v1.2.3
From 87229cb08b6ed06d92c2cd0990c148f7849c079e Mon Sep 17 00:00:00 2001
From: Phil Hughes
Date: Wed, 17 Jan 2018 10:24:22 +0000
Subject: fixed markdown_spec.js
---
 spec/javascripts/notebook/cells/markdown_spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'spec/javascripts/notebook/cells/markdown_spec.js')
diff --git a/spec/javascripts/notebook/cells/markdown_spec.js b/spec/javascripts/notebook/cells/markdown_spec.js
index db2a16b0b68..02304bf5d7d 100644
--- a/spec/javascripts/notebook/cells/markdown_spec.js
+++ b/spec/javascripts/notebook/cells/markdown_spec.js
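Review bot: The `sanitizes output` spec added in this hunk covers one vector only, a markdown link whose target is a `data:text/html;base64` URI, so a sanitizer regression on any other path through the notebook markdown cell (for instance inline HTML in `source`) would go unnoticed by this file. The sanitizing change itself is not visible here (the patch view is limited to the spec), so which inputs it handles cannot be confirmed from this page; the spec should pin each class of input it is meant to neutralise. The base64 literal is also opaque to a reader: a comment above `source:` such as `// payload decodes to a <script> element; the link must not survive rendering` would make the intent reviewable without decoding it. The enclosing `describe('Markdown component', ...)` block starts and ends outside the hunk.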
@@ -48,7 +48,7 @@ describe('Markdown component', () => {
 });
 
 Vue.nextTick(() => {
- expect(vm.$el.querySelector('a').getAttribute('href')).toBeNull();
+ expect(vm.$el.querySelector('a')).toBeNull();
 
 done();
 });
-- cgit v1.2.3
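Review bot: `expect(vm.$el.querySelector('a')).toBeNull();` is satisfied by an empty render as well as by a sanitized one, so this spec would keep passing if the cell stopped rendering markdown at all. Pair it with a positive check that the cell still rendered, e.g. `expect(vm.$el.querySelector('.markdown')).not.toBeNull();`, which reuses the container selector from the neighbouring heading spec. The query is also component-wide for `a`; if the component ever renders an unrelated anchor the spec will fail for the wrong reason, so scoping it to `.markdown a` would be more precise. The `it` block opens above the hunk's first line.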