Skip to content

G
gitlab-ce
Commit cd6692fe authored by Philip Cunningham's avatar Philip Cunningham Committed by Markus Koller
Browse files
Options

Use new Sanitizable concern in NamespaceSetting 

- Includes and uses new concern
- Adds specs to capture behaviour
parent 9bc09614
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 13 deletions
app/models/namespace_setting.rb
View file @ cd6692fe
......@@ -2,6 +2,7 @@
class NamespaceSetting < ApplicationRecord
include CascadingNamespaceSettingAttribute
include Sanitizable
cascading_attr :delayed_project_removal
......@@ -25,6 +26,8 @@ class NamespaceSetting < ApplicationRecord
self.primary_key = :namespace_id
sanitizes! :default_branch_name
def prevent_sharing_groups_outside_hierarchy
return super if namespace.root?
......@@ -34,11 +37,7 @@ class NamespaceSetting < ApplicationRecord
private
def normalize_default_branch_name
self.default_branch_name = if default_branch_name.blank?
nil
else
Sanitize.fragment(self.default_branch_name)
end
self.default_branch_name = default_branch_name.presence
end
def default_branch_name_content
......
spec/models/namespace_setting_spec.rb
View file @ cd6692fe
......@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe NamespaceSetting, type: :model do
it_behaves_like 'sanitizable', :namespace_settings, %i[default_branch_name]
# Relationships
#
describe "Associations" do
......@@ -41,14 +43,6 @@ RSpec.describe NamespaceSetting, type: :model do
it_behaves_like "doesn't return an error"
end
context "when it contains javascript tags" do
it "gets sanitized properly" do
namespace_settings.update!(default_branch_name: "hello<script>alert(1)</script>")
expect(namespace_settings.default_branch_name).to eq('hello')
end
end
end
describe '#allow_mfa_for_group' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7