Commit 2a4ee2fd authored by Jeroen van Baarsen

make sure the user.name is escaped

Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
parent 5dbbec46
...@@ -24,11 +24,12 @@ describe "User Feed", feature: true do ...@@ -24,11 +24,12 @@ describe "User Feed", feature: true do
end end
it "should have issue opened event" do it "should have issue opened event" do
body.should have_content("#{user.name} opened issue ##{issue.iid}") expect(body).to have_content("#{safe_name} opened issue ##{issue.iid}")
end end
it "should have issue comment event" do it "should have issue comment event" do
body.should have_content("#{user.name} commented on issue ##{issue.iid}") expect(body).
to have_content("#{safe_name} commented on issue ##{issue.iid}")
end end
end end
end end
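Review bot: the two `have_content` expectations now compare against `safe_name`, but they only exercise escaping if the user's name contains a character that `html_escape` changes, and the fixture is not visible in this hunk. If the name is plain alphanumerics, `safe_name` equals `user.name` and the spec would pass with or without escaping in the feed. Consider creating the user with a name containing `<`, `>`, `&` or a quote, and adding a negative expectation that the raw, unescaped name does not appear in `body`. Minor style point: the second expectation is split after `expect(body).` with a trailing dot; a local variable for the expected string would keep it on one line.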
...@@ -40,4 +41,8 @@ describe "User Feed", feature: true do ...@@ -40,4 +41,8 @@ describe "User Feed", feature: true do
def note_event(note, user) def note_event(note, user)
EventCreateService.new.leave_note(note, user) EventCreateService.new.leave_note(note, user)
end end
def safe_name
html_escape(user.name)
end
end end
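Review bot: `safe_name` calls `html_escape` bare, and nothing in the visible lines includes the module that provides it, so confirm it is in scope for this feature spec or call `ERB::Util.html_escape(user.name)` explicitly so the helper does not depend on what the spec environment happens to mix in. Since the helper only wraps `user`, a `let(:safe_name)` next to the other setup would read more idiomatically than a `def` at the bottom of the describe block. A one-line comment saying that the feed renders the name HTML-escaped would explain why the expectations do not use `user.name` directly.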