make sure the user.name is escaped

Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
author: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-01-04 14:02:31 +0100
committer: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-01-04 14:09:35 +0100
commit: 2a4ee2fd7f068f6eba0c51bbc8e4b0948c4dcfe4 (patch)
tree: d180b5c085f60037277112aaf150cc76e8a0d2f6 /spec/features
parent: 5dbbec4612d12d00d9db6ad057044054b923817f (diff)
download: gitlab-ce-2a4ee2fd7f068f6eba0c51bbc8e4b0948c4dcfe4.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/spec/features/atom/users_spec.rb b/spec/features/atom/users_spec.rb
index 746b6fc1ac9..de4f94fff2f 100644
--- a/spec/features/atom/users_spec.rb
+++ b/spec/features/atom/users_spec.rb
@@ -24,11 +24,12 @@ describe "User Feed", feature: true  do
       end
 
       it "should have issue opened event" do
-        body.should have_content("#{user.name} opened issue ##{issue.iid}")
+        expect(body).to have_content("#{safe_name} opened issue ##{issue.iid}")
       end
 
       it "should have issue comment event" do
-        body.should have_content("#{user.name} commented on issue ##{issue.iid}")
+        expect(body).
+          to have_content("#{safe_name} commented on issue ##{issue.iid}")
       end
     end
   end
@@ -40,4 +41,8 @@ describe "User Feed", feature: true  do
   def note_event(note, user)
     EventCreateService.new.leave_note(note, user)
   end
+
+  def safe_name
+    html_escape(user.name)
+  end
 end
author	Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>	2015-01-04 14:02:31 +0100
committer	Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>	2015-01-04 14:09:35 +0100
commit	2a4ee2fd7f068f6eba0c51bbc8e4b0948c4dcfe4 (patch)
tree	d180b5c085f60037277112aaf150cc76e8a0d2f6 /spec/features
parent	5dbbec4612d12d00d9db6ad057044054b923817f (diff)
download	gitlab-ce-2a4ee2fd7f068f6eba0c51bbc8e4b0948c4dcfe4.tar.gz