Commit 01c4f565 authored by Douwe Maan

Merge branch 'test-hook-logs-xss' into 'master'

Add a test to make sure there's no XSS for hook logs

See merge request gitlab-org/gitlab-ce!18005
parents 678af224 09ce4671
require 'spec_helper'
feature 'Hook logs' do
given(:web_hook_log) { create(:web_hook_log, response_body: '<script>') }
given(:project) { web_hook_log.web_hook.project }
given(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
scenario 'user reads log without getting XSS' do
visit(
project_hook_hook_log_path(
project, web_hook_log.web_hook, web_hook_log))
expect(page).to have_content('<script>')
end
end
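
Review bot: the scenario rests on a single positive check, `expect(page).to have_content('<script>')`, against an unterminated tag stored in one field, so the spec documents less than its name promises. The visible-text assertion does fail if the body is rendered raw or stripped, but that reasoning is implicit; a one-line comment above the scenario stating that visible markup text means the value was HTML-escaped would make the intent clear. Consider a closed payload with a body, for example `response_body: '<script>alert(1)</script>'`, asserted with `have_content` on the full string, since that is closer to what a hook endpoint could return. Only `response_body` carries the payload in `create(:web_hook_log, response_body: '<script>')`; if the log page prints other stored request or response fields, they should get the same check.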