Commit 50510ade authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Fix HTML being rendered in mirror error message

In Rails 6, String manipulation methods are now HTML-safe
aware. https://github.com/rails/rails/pull/33990

This means, when doing the `#insert` here it first escapes
the HTML before inserting into the HTML-safe string
parent 794e3ce7
...@@ -8,7 +8,7 @@ module EE ...@@ -8,7 +8,7 @@ module EE
return message if raw_message return message if raw_message
message.insert(0, "#{icon('warning triangle')} ") message = icon('warning triangle') + ' ' + message
if can?(current_user, :admin_project, @project) if can?(current_user, :admin_project, @project)
link_to message, project_mirror_path(@project) link_to message, project_mirror_path(@project)
......
...@@ -42,6 +42,13 @@ describe 'shared/_mirror_status.html.haml' do ...@@ -42,6 +42,13 @@ describe 'shared/_mirror_status.html.haml' do
expect(rendered).to have_content("The repository failed to update") expect(rendered).to have_content("The repository failed to update")
end end
it 'renders failure message with icon' do
render 'shared/mirror_status'
expect(rendered).to have_content('The repository failed to update')
expect(rendered).to have_css('i', class: 'fa-warning fa-triangle')
end
context 'with a previous successful update' do context 'with a previous successful update' do
it 'renders failure message' do it 'renders failure message' do
@project.import_state.last_successful_update_at = Time.now - 1.minute @project.import_state.last_successful_update_at = Time.now - 1.minute
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment