authorLin Jen-Shin <godfat@godfat.org>2018-03-27 01:54:30 +0800
committerLin Jen-Shin <godfat@godfat.org>2018-03-27 02:55:11 +0800
commit09ce4671848d79cff64a81c49c374abb281d6d94 (patch)
tree295ed1df9093c9a4922ae1fe2f92518482ee6449
parent3adbc579bc45bf61510bc83900d07e8b0bafa088 (diff)
downloadgitlab-ce-test-hook-logs-xss.tar.gz
Add a test to make sure there's no XSS for hook logstest-hook-logs-xss
-rw-r--r--spec/features/projects/hook_logs/user_reads_log_spec.rb21
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/features/projects/hook_logs/user_reads_log_spec.rb b/spec/features/projects/hook_logs/user_reads_log_spec.rb
new file mode 100644
index 00000000000..18e975fa653
--- /dev/null
+++ b/spec/features/projects/hook_logs/user_reads_log_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+feature 'Hook logs' do
+ given(:web_hook_log) { create(:web_hook_log, response_body: '<script>') }
+ given(:project) { web_hook_log.web_hook.project }
+ given(:user) { create(:user) }
+
+ before do
+ project.add_master(user)
+
+ sign_in(user)
+ end
+
+ scenario 'user reads log without getting XSS' do
+ visit(
+ project_hook_hook_log_path(
+ project, web_hook_log.web_hook, web_hook_log))
+
+ expect(page).to have_content('<script>')
+ end
+end
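Review bot: The assertion `expect(page).to have_content('<script>')` in the scenario only shows that the literal text is visible somewhere on the page; it does not show that no element was built from the payload, and a bare unclosed `<script>` is a weak probe for that. Giving the payload a marker and asserting its absence from the DOM would state the escaping guarantee directly, e.g. `response_body: '<script id="hook-log-xss"></script>'` together with `expect(page).not_to have_css('#hook-log-xss', visible: false)`. Only `response_body` is exercised here; if the log page renders other hook-supplied fields (not visible in this hunk), they deserve the same check. A short comment above the expectation, such as `# the payload must appear as escaped text, never be parsed as markup`, would also explain why the test expects to see the tag.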