# frozen_string_literal: true

require 'spec_helper'

# Pins the markup produced by GitlabScriptTagHelper: each <script> tag and
# preload <link> tag built through the helper is expected to carry the value
# returned by `content_security_policy_nonce`. A nonce-based
# Content-Security-Policy only runs scripts whose tag carries the matching
# nonce, so these examples guard against the attribute silently going missing.
RSpec.describe GitlabScriptTagHelper do
  let(:csp_nonce) { 'noncevalue' }

  # The nonce lookup is stubbed so the expected markup is deterministic; how the
  # real nonce is generated is outside the scope of this spec.
  before { allow(helper).to receive(:content_security_policy_nonce).and_return(csp_nonce) }

  describe 'external script tag' do
    let(:script_path) { 'test.js' }
    let(:deferred_tag) do
      %(<script src="/javascripts/#{script_path}" defer="defer" nonce="#{csp_nonce}"></script>)
    end
    let(:plain_tag) do
      %(<script src="/javascripts/#{script_path}" nonce="#{csp_nonce}"></script>)
    end

    # With no options the tag gets both `defer` and the nonce.
    it 'returns a script tag with defer=true and a nonce' do
      html = helper.javascript_include_tag(script_path).to_s

      expect(html).to eq(deferred_tag)
    end

    # `defer: nil` removes the defer attribute only; the nonce stays.
    it 'returns a script tag with defer=false and a nonce' do
      html = helper.javascript_include_tag(script_path, defer: nil).to_s

      expect(html).to eq(plain_tag)
    end

    # A caller passing `nonce: nil` does not strip the nonce from the tag.
    # NOTE(review): only nil is covered; what happens with other
    # caller-supplied values (false, a custom string) is not pinned here.
    it 'returns a script tag with a nonce even nonce is set to nil' do
      html = helper.javascript_include_tag(script_path, nonce: nil).to_s

      expect(html).to eq(deferred_tag)
    end
  end

  describe 'inline script tag' do
    # The inline body is wrapped in a CDATA section in the expected output.
    let(:cdata_body) { "\n//<![CDATA[\nalert(1)\n//]]>\n" }
    let(:nonced_tag) { %(<script nonce="#{csp_nonce}">#{cdata_body}</script>) }
    let(:typed_nonced_tag) do
      %(<script type="application/javascript" nonce="#{csp_nonce}">#{cdata_body}</script>)
    end

    it 'returns a script tag with a nonce using block syntax' do
      html = helper.javascript_tag { 'alert(1)' }.to_s

      expect(html).to eq(nonced_tag)
    end

    it 'returns a script tag with a nonce using block syntax with options' do
      html = helper.javascript_tag(type: 'application/javascript') { 'alert(1)' }.to_s

      expect(html).to eq(typed_nonced_tag)
    end

    it 'returns a script tag with a nonce using argument syntax' do
      html = helper.javascript_tag('alert(1)').to_s

      expect(html).to eq(nonced_tag)
    end

    it 'returns a script tag with a nonce using argument syntax with options' do
      html = helper.javascript_tag('alert(1)', type: 'application/javascript').to_s

      expect(html).to eq(typed_nonced_tag)
    end

    # Supplying both a string and a block is an odd call shape, but it is
    # supported, so it is tested: the expected markup contains the block's
    # content, not the string argument.
    it 'returns a script tag with a nonce using argument and block syntax with options' do
      html = helper.javascript_tag('// ignored', type: 'application/javascript') { 'alert(1)' }.to_s

      expect(html).to eq(typed_nonced_tag)
    end
  end

  describe '#preload_link_tag' do
    # Preload hints for scripts carry the same nonce as the script tags.
    it 'returns a link tag with a nonce' do
      preload_url = 'https://example.com/script.js'
      html = helper.preload_link_tag(preload_url).to_s

      expect(html).to eq(
        %(<link rel="preload" href="#{preload_url}" as="script" type="text/javascript" nonce="#{csp_nonce}">)
      )
    end
  end
end