Commit 2a4ee2fd authored by Jeroen van Baarsen's avatar Jeroen van Baarsen

make sure the user.name is escaped

Signed-off-by: default avatarJeroen van Baarsen <jeroenvanbaarsen@gmail.com>
parent 5dbbec46
......@@ -24,11 +24,12 @@ describe "User Feed", feature: true do
end
it "should have issue opened event" do
body.should have_content("#{user.name} opened issue ##{issue.iid}")
expect(body).to have_content("#{safe_name} opened issue ##{issue.iid}")
end
it "should have issue comment event" do
body.should have_content("#{user.name} commented on issue ##{issue.iid}")
expect(body).
to have_content("#{safe_name} commented on issue ##{issue.iid}")
end
end
end
......@@ -40,4 +41,8 @@ describe "User Feed", feature: true do
def note_event(note, user)
EventCreateService.new.leave_note(note, user)
end
def safe_name
html_escape(user.name)
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment