make sure the user.name is escaped

Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>

make sure the user.name is escaped
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2a4ee2fd · Jeroen van Baarsen · 5dbbec46 · 2a4ee2fd
Commit 2a4ee2fd authored Jan 04, 2015 by Jeroen van Baarsen
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

spec/features/atom/users_spec.rb spec/features/atom/users_spec.rb +7 -2

No files found.
--- a/spec/features/atom/users_spec.rb
+++ b/spec/features/atom/users_spec.rb
@@ -24,11 +24,12 @@ describe "User Feed", feature: true  do
      end

      it "should have issue opened event" do
-        body.should have_content("#{user.name} opened issue ##{issue.iid}")
+        expect(body).to have_content("#{safe_name} opened issue ##{issue.iid}")
      end

      it "should have issue comment event" do
-        body.should have_content("#{user.name} commented on issue ##{issue.iid}")
+        expect(body).
+          to have_content("#{safe_name} commented on issue ##{issue.iid}")
      end
    end
  end
@@ -40,4 +41,8 @@ describe "User Feed", feature: true  do
  def note_event(note, user)
    EventCreateService.new.leave_note(note, user)
  end
+
+  def safe_name
+    html_escape(user.name)
+  end
 end