
Commit 2a4ee2fd by Jeroen van Baarsen

make sure the user.name is escaped

parent 5dbbec46
......@@ -24,11 +24,12 @@ describe "User Feed", feature: true do
end
it "should have issue opened event" do
body.should have_content("#{user.name} opened issue ##{issue.iid}")
expect(body).to have_content("#{safe_name} opened issue ##{issue.iid}")
end
it "should have issue comment event" do
body.should have_content("#{user.name} commented on issue ##{issue.iid}")
expect(body).
to have_content("#{safe_name} commented on issue ##{issue.iid}")
end
end
end
......@@ -40,4 +41,8 @@ describe "User Feed", feature: true do
def note_event(note, user)
EventCreateService.new.leave_note(note, user)
end
def safe_name
html_escape(user.name)
end
end
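Review bot: The expectations in the first hunk now compare against `safe_name`, but nothing in these hunks pins the user's name to a value containing HTML-special characters, so when the generated name is plain text the spec cannot distinguish escaped from unescaped feed output. If the `user` fixture (defined outside the hunks) uses a generated name, consider fixing it to a constructed value such as `"O'Test & <b>x</b>"` so the spec acts as a regression test for output encoding rather than passing by chance. A short comment on the helper, `# the feed HTML-escapes the author name, so compare against the escaped form`, would explain why `user.name` is no longer used directly. `safe_name` also relies on `html_escape` and `user` being available in the example group, which these hunks do not show.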