From 0498a5dd779250372aa12b4d6a0e53ef01d1b60b Mon Sep 17 00:00:00 2001 From: Phil Hughes Date: Tue, 20 Mar 2018 10:09:38 +0000 Subject: Merge branch 'fl-fix-milestone-bug-10-6' into 'security-10-6' Escape miletone attribute when appending to the DOM See merge request gitlab/gitlabhq!2359 --- spec/features/issues/form_spec.rb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'spec/features/issues/form_spec.rb') diff --git a/spec/features/issues/form_spec.rb b/spec/features/issues/form_spec.rb index 38c618d300e..4625a50b8d9 100644 --- a/spec/features/issues/form_spec.rb +++ b/spec/features/issues/form_spec.rb @@ -226,6 +226,23 @@ describe 'New/edit issue', :js do expect(page).to have_selector('.atwho-view') end + + describe 'milestone' do + let!(:milestone) { create(:milestone, title: '"><img src=x onerror=alert(document.domain)>', project: project) } + + it 'escapes milestone' do + click_button 'Milestone' + + page.within '.issue-milestone' do + click_link milestone.title + end + + page.within '.js-milestone-select' do + expect(page).to have_content milestone.title + expect(page).not_to have_selector 'img' + end + end + end end context 'edit issue' do -- cgit v1.2.1