Use new Sanitizable concern in NamespaceSetting

- Includes and uses new concern - Adds specs to capture behaviour

Use new Sanitizable concern in NamespaceSetting
- Includes and uses new concern - Adds specs to capture behaviour
cd6692fe · Philip Cunningham · Markus Koller · 9bc09614 · cd6692fe · cd6692fe
Commit cd6692fe authored Sep 08, 2021 by Philip Cunningham Committed by Markus Koller Sep 08, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 13 deletions

app/models/namespace_setting.rb app/models/namespace_setting.rb +4 -5

spec/models/namespace_setting_spec.rb spec/models/namespace_setting_spec.rb +2 -8

No files found.
--- a/app/models/namespace_setting.rb
+++ b/app/models/namespace_setting.rb
@@ -2,6 +2,7 @@
 class NamespaceSetting < ApplicationRecord
  include CascadingNamespaceSettingAttribute
+  include Sanitizable
  cascading_attr :delayed_project_removal
@@ -25,6 +26,8 @@ class NamespaceSetting < ApplicationRecord
  self.primary_key = :namespace_id
+  sanitizes! :default_branch_name
  def prevent_sharing_groups_outside_hierarchy
    return super if namespace.root?
@@ -34,11 +37,7 @@ class NamespaceSetting < ApplicationRecord
  private
  def normalize_default_branch_name
-    self.default_branch_name = if default_branch_name.blank?
+    self.default_branch_name = default_branch_name.presence
-                                 nil
-                               else
-                                 Sanitize.fragment(self.default_branch_name)
-                               end
  end
  def default_branch_name_content

--- a/spec/models/namespace_setting_spec.rb
+++ b/spec/models/namespace_setting_spec.rb
@@ -3,6 +3,8 @@
 require 'spec_helper'
 RSpec.describe NamespaceSetting, type: :model do
+  it_behaves_like 'sanitizable', :namespace_settings, %i[default_branch_name]
  # Relationships
  #
  describe "Associations" do
@@ -41,14 +43,6 @@ RSpec.describe NamespaceSetting, type: :model do
        it_behaves_like "doesn't return an error"
      end
-      context "when it contains javascript tags" do
-        it "gets sanitized properly" do
-          namespace_settings.update!(default_branch_name: "hello<script>alert(1)</script>")
-          expect(namespace_settings.default_branch_name).to eq('hello')
-        end
-      end
    end
    describe '#allow_mfa_for_group' do