author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-26 07:41:55 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-26 07:41:55 +0000 |
commit | cd0dca4807f5e17151db70cbf7a0ff4304f5cbb8 (patch) | |
tree | 76f50fc34862897805374a295f6a9578d1dc8923 /spec | |
parent | cb87b3156b090977efaf98689a2e090d5d34031b (diff) | |
parent | 4e6fd652ab2615733a30611a845c58ad46c982fc (diff) | |
download | gitlab-ce-cd0dca4807f5e17151db70cbf7a0ff4304f5cbb8.tar.gz |
Merge branch 'security-katex-dos-12-2' into '12-2-stable'
Enforce max chars and max render time in markdown math
See merge request gitlab/gitlabhq!3353
Diffstat (limited to 'spec')
-rw-r--r-- | spec/features/markdown/math_spec.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/spec/features/markdown/math_spec.rb b/spec/features/markdown/math_spec.rb
index 68d99b4241a..76eef66c517 100644
--- a/spec/features/markdown/math_spec.rb
+++ b/spec/features/markdown/math_spec.rb
@@ -34,7 +34,9 @@ describe 'Math rendering', :js do
 visit project_issue_path(project, issue)
- expect(page).to have_selector('.katex-error', text: "\href{javascript:alert('xss');}{xss}")
- expect(page).to have_selector('.katex-html a', text: 'Gitlab')
+ page.within '.description > .md' do
+ expect(page).to have_selector('.katex-error')
+ expect(page).to have_selector('.katex-html a', text: 'Gitlab')
+ end
 end
 end
|
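Review bot: The rewritten `expect(page).to have_selector('.katex-error')` no longer ties the error to the rejected `\href{javascript:…}` input, so the example passes whenever any KaTeX error element appears inside `.description > .md`. Going by the commit title, this merge also adds character and render-time limits (that code is outside this spec-only diff), and an error raised by one of those limits would presumably satisfy the same check. Pinning the sanitization property directly would keep the test meaningful, for example adding `expect(page).to have_no_selector('a[href^="javascript:"]')` inside the `page.within` block. The diffstat for `spec` also shows no example covering the new limits themselves; a case with over-long math input that asserts whatever fallback the limit produces would close that gap. The enclosing example starts above the hunk, so the description fixture it renders is not visible here.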