Merge branch 'master' into xterm-npmxterm-npm

author: Nick Thomas <nick@gitlab.com> 2018-04-11 00:55:02 +0100
committer: Nick Thomas <nick@gitlab.com> 2018-04-11 00:55:02 +0100
commit: 3f73bdd837f9803b75eca484a0a0615db6c58c80 (patch)
tree: 0bd2c99d9198bfa22e7a29f375131f940033da7b /spec/features/issues/form_spec.rb
parent: b594ab949d1a2ceb9d949ff2641679fbdf273452 (diff)
parent: 37a5632483b67ddcfa4c535cc911319b25f01fb5 (diff)
download: gitlab-ce-xterm-npm.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/features/issues/form_spec.rb b/spec/features/issues/form_spec.rb
index 38c618d300e..4625a50b8d9 100644
--- a/spec/features/issues/form_spec.rb
+++ b/spec/features/issues/form_spec.rb
@@ -226,6 +226,23 @@ describe 'New/edit issue', :js do
 
       expect(page).to have_selector('.atwho-view')
     end
+
+    describe 'milestone' do
+      let!(:milestone) { create(:milestone, title: '">&lt;img src=x onerror=alert(document.domain)&gt;', project: project) }
+
+      it 'escapes milestone' do
+        click_button 'Milestone'
+
+        page.within '.issue-milestone' do
+          click_link milestone.title
+        end
+
+        page.within '.js-milestone-select' do
+          expect(page).to have_content milestone.title
+          expect(page).not_to have_selector 'img'
+        end
+      end
+    end
   end
 
   context 'edit issue' do
author	Nick Thomas <nick@gitlab.com>	2018-04-11 00:55:02 +0100
committer	Nick Thomas <nick@gitlab.com>	2018-04-11 00:55:02 +0100
commit	3f73bdd837f9803b75eca484a0a0615db6c58c80 (patch)
tree	0bd2c99d9198bfa22e7a29f375131f940033da7b /spec/features/issues/form_spec.rb
parent	b594ab949d1a2ceb9d949ff2641679fbdf273452 (diff)
parent	37a5632483b67ddcfa4c535cc911319b25f01fb5 (diff)
download	gitlab-ce-xterm-npm.tar.gz