Merge branch 'djadmin-xss-test' into 'master'

Add more specs for safe links See merge request gitlab-org/gitlab!27613

Merge branch 'djadmin-xss-test' into 'master'
Add more specs for safe links See merge request gitlab-org/gitlab!27613
df703e9f · Kushal Pandya · 48384751 · 217f67b4 · df703e9f
Commit df703e9f authored Mar 20, 2020 by Kushal Pandya
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 12 deletions

ee/spec/frontend/vue_shared/security_reports/components/vulnerability_details_spec.js ...security_reports/components/vulnerability_details_spec.js +14 -12

No files found.
--- a/ee/spec/frontend/vue_shared/security_reports/components/vulnerability_details_spec.js
+++ b/ee/spec/frontend/vue_shared/security_reports/components/vulnerability_details_spec.js
@@ -19,10 +19,13 @@ describe('VulnerabilityDetails component', () => {
    });
  };

-  const expectSafeLink = (link, { href, text }) => {
+  const expectSafeLink = ({ link, href, text, isExternal = true }) => {
    expect(link.is(SafeLink)).toBe(true);
    expect(link.props('href')).toBe(href);
    expect(link.text()).toBe(text);
+    if (isExternal) {
+      expect(link.props('rel')).toContain('noopener noreferrer');
+    }
  };

  const findLink = name => wrapper.find({ ref: `${name}Link` });
@@ -43,9 +46,11 @@ describe('VulnerabilityDetails component', () => {
    const vulnerability = makeVulnerability();
    componentFactory(vulnerability);

-    expectSafeLink(findLink('project'), {
+    expectSafeLink({
+      link: findLink('project'),
      href: vulnerability.project.full_path,
      text: vulnerability.project.full_name,
+      isExternal: false,
    });
  });

@@ -96,28 +101,25 @@ describe('VulnerabilityDetails component', () => {
    });

    it('for the link field', () => {
-      expectSafeLink(findLink('links'), {
-        href: badUrl,
-        text: badUrl,
-      });
+      expectSafeLink({ link: findLink('links'), href: badUrl, text: badUrl });
    });

    it('for the identifiers field', () => {
-      expectSafeLink(findLink('identifiers'), {
-        href: badUrl,
-        text: 'BAD_URL',
-      });
+      expectSafeLink({ link: findLink('identifiers'), href: badUrl, text: 'BAD_URL' });
    });

    it('for the file field', () => {
-      expectSafeLink(findLink('file'), {
+      expectSafeLink({
+        link: findLink('file'),
        href: badUrl,
        text: 'badFile.lock',
+        isExternal: false,
      });
    });

    it('for the instances field', () => {
-      expectSafeLink(wrapper.find('.report-block-list-issue-description-link .break-link'), {
+      expectSafeLink({
+        link: wrapper.find('.report-block-list-issue-description-link .break-link'),
        href: badUrl,
        text: badUrl,
      });