summaryrefslogtreecommitdiff
path: root/spec/helpers/labels_helper_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/helpers/labels_helper_spec.rb')
-rw-r--r--spec/helpers/labels_helper_spec.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/spec/helpers/labels_helper_spec.rb b/spec/helpers/labels_helper_spec.rb
index 5efa88a2a7d..90366d7772c 100644
--- a/spec/helpers/labels_helper_spec.rb
+++ b/spec/helpers/labels_helper_spec.rb
@@ -112,6 +112,14 @@ RSpec.describe LabelsHelper do
end
end
+ describe 'render_label_text' do
+ it 'html escapes the bg_color correctly' do
+ xss_payload = '"><img src=x onerror=prompt(1)>'
+ label_text = render_label_text('xss', bg_color: xss_payload)
+ expect(label_text).to include(html_escape(xss_payload))
+ end
+ end
+
describe 'text_color_for_bg' do
it 'uses light text on dark backgrounds' do
expect(text_color_for_bg('#222E2E')).to be_color('#FFFFFF')
View Lorry Controller Status