diff options
author | Lin Jen-Shin <godfat@godfat.org> | 2018-03-27 01:54:30 +0800 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2018-03-27 02:55:11 +0800 |
commit | 09ce4671848d79cff64a81c49c374abb281d6d94 (patch) | |
tree | 295ed1df9093c9a4922ae1fe2f92518482ee6449 | |
parent | 3adbc579bc45bf61510bc83900d07e8b0bafa088 (diff) | |
download | gitlab-ce-test-hook-logs-xss.tar.gz |
Add a test to make sure there's no XSS for hook logstest-hook-logs-xss
-rw-r--r-- | spec/features/projects/hook_logs/user_reads_log_spec.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/features/projects/hook_logs/user_reads_log_spec.rb b/spec/features/projects/hook_logs/user_reads_log_spec.rb new file mode 100644 index 00000000000..18e975fa653 --- /dev/null +++ b/spec/features/projects/hook_logs/user_reads_log_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper' + +feature 'Hook logs' do + given(:web_hook_log) { create(:web_hook_log, response_body: '<script>') } + given(:project) { web_hook_log.web_hook.project } + given(:user) { create(:user) } + + before do + project.add_master(user) + + sign_in(user) + end + + scenario 'user reads log without getting XSS' do + visit( + project_hook_hook_log_path( + project, web_hook_log.web_hook, web_hook_log)) + + expect(page).to have_content('<script>') + end +end |