-
由 Annabel Dunstone Gray 创作于Changelog: changed
由 Annabel Dunstone Gray 创作于Changelog: changed
代码所有者
将用户和群组指定为特定文件更改的核准人。 了解更多。
commits_helper_spec.rb 11.50 KiB
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe CommitsHelper do
include ProjectForksHelper
describe 'commit_author_link' do
it 'escapes the author email' do
commit = double(
author: nil,
author_name: 'Persistent XSS',
author_email: 'my@email.com" onmouseover="alert(1)'
)
expect(helper.commit_author_link(commit))
.not_to include('onmouseover="alert(1)"')
end
it 'escapes the author name' do
user = build_stubbed(:user, name: 'Foo <script>alert("XSS")</script>')
commit = double(author: user, author_name: '', author_email: '')
expect(helper.commit_author_link(commit))
.to include('Foo <script>')
expect(helper.commit_author_link(commit, avatar: true))
.to include('commit-author-name', 'js-user-link', 'Foo <script>')
end
end
describe 'commit_committer_link' do
it 'escapes the committer email' do
commit = double(
committer: nil,
committer_name: 'Persistent XSS',
committer_email: 'my@email.com" onmouseover="alert(1)'
)
expect(helper.commit_committer_link(commit))
.not_to include('onmouseover="alert(1)"')
end
it 'escapes the committer name' do
user = build_stubbed(:user, name: 'Foo <script>alert("XSS")</script>')
commit = double(committer: user, committer_name: '', committer_email: '')
expect(helper.commit_committer_link(commit))
.to include('Foo <script>')
expect(helper.commit_committer_link(commit, avatar: true))
.to include('commit-committer-name', 'Foo <script>')
end
end
describe '#view_file_button' do
let(:project) { build(:project) }
let(:path) { 'path/to/file' }
let(:sha) { '1234567890' }
subject do
helper.view_file_button(sha, path, project)
end
it 'links to project files' do
expect(subject).to have_link('1234567', href: helper.project_blob_path(project, "#{sha}/#{path}"))
end
end
describe '#view_on_environment_button' do