Commit 432dc98a authored by Sanad Liaquat

Merge branch 'qa-shl-fix-check-xss-occurance-spec' into 'master'

Fix and simplify check xss occurence in @mentions spec

Closes #230447

See merge request gitlab-org/gitlab!37327
parents 7d8a5f9a 5e026628
...@@ -2,14 +2,15 @@ ...@@ -2,14 +2,15 @@
module QA module QA
RSpec.describe 'Plan', :reliable do RSpec.describe 'Plan', :reliable do
let(:user) do let!(:user) do
Resource::User.fabricate_via_api! do |user| Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;" user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234" user.password = "test1234"
user.api_client = Runtime::API::Client.as_admin
end end
end end
let(:project) do let!(:project) do
Resource::Project.fabricate_via_api! do |project| Resource::Project.fabricate_via_api! do |project|
project.name = 'xss-test-for-mentions-project' project.name = 'xss-test-for-mentions-project'
end end
...@@ -17,16 +18,6 @@ module QA ...@@ -17,16 +18,6 @@ module QA
describe 'check xss occurence in @mentions in issues', :requires_admin do describe 'check xss occurence in @mentions in issues', :requires_admin do
before do before do
QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
unless QA::Runtime::Env.personal_access_token
Flow::Login.sign_in_as_admin
end
QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Flow::Login.sign_in Flow::Login.sign_in
Flow::Project.add_member(project: project, username: user.username) Flow::Project.add_member(project: project, username: user.username)
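Review bot: The account built in `let!(:user)` still gets the fixed password `"test1234"`, and with the added `user.api_client = Runtime::API::Client.as_admin` it is now created with admin credentials on whatever instance the suite targets. Nothing in the visible lines removes it afterwards, so a shared or long-lived test environment could be left with a login whose password is known. Consider a per-run value such as `user.password = SecureRandom.hex(16)`; the diff is truncated here, so a teardown may exist outside the visible lines. A short comment above the two `let!` blocks would also help, for example `# let!: fabricate user and project via the API before the UI sign-in in the before block`, since the eager evaluation appears to be what lets the admin sign-in and sign-out steps go.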
......