Automatic merge of gitlab-org/gitlab-ce master

1935342e · GitLab Bot · 63a9c26a · ffdb1c1b · 1935342e · 1935342e
Commit 1935342e authored Jul 04, 2019 by GitLab Bot
7 changed files
--- a/qa/qa/page/project/show.rb
+++ b/qa/qa/page/project/show.rb
@@ -7,6 +7,7 @@ module QA
        prepend QA::EE::Page::Project::Show

        include Page::Component::ClonePanel
+        include Page::Project::SubMenus::Settings

        view 'app/views/layouts/header/_new_dropdown.haml' do
          element :new_menu_toggle

--- a/qa/qa/page/project/sub_menus/ci_cd.rb
+++ b/qa/qa/page/project/sub_menus/ci_cd.rb
@@ -5,6 +5,8 @@ module QA
    module Project
      module SubMenus
        module CiCd
+          include Page::Project::SubMenus::Common
+
          def self.included(base)
            base.class_eval do
              view 'app/views/layouts/nav/sidebar/_project.html.haml' do

--- a/qa/qa/page/project/sub_menus/issues.rb
+++ b/qa/qa/page/project/sub_menus/issues.rb
@@ -5,6 +5,8 @@ module QA
    module Project
      module SubMenus
        module Issues
+          include Page::Project::SubMenus::Common
+
          def self.included(base)
            base.class_eval do
              view 'app/views/layouts/nav/sidebar/_project.html.haml' do

--- a/qa/qa/page/project/sub_menus/operations.rb
+++ b/qa/qa/page/project/sub_menus/operations.rb
@@ -5,6 +5,8 @@ module QA
    module Project
      module SubMenus
        module Operations
+          include Page::Project::SubMenus::Common
+
          def self.included(base)
            base.class_eval do
              view 'app/views/layouts/nav/sidebar/_project.html.haml' do

--- a/qa/qa/page/project/sub_menus/repository.rb
+++ b/qa/qa/page/project/sub_menus/repository.rb
@@ -5,6 +5,8 @@ module QA
    module Project
      module SubMenus
        module Repository
+          include Page::Project::SubMenus::Common
+
          def self.included(base)
            base.class_eval do
              view 'app/views/layouts/nav/sidebar/_project.html.haml' do

--- a/qa/qa/page/project/sub_menus/settings.rb
+++ b/qa/qa/page/project/sub_menus/settings.rb
@@ -5,6 +5,8 @@ module QA
    module Project
      module SubMenus
        module Settings
+          include Page::Project::SubMenus::Common
+
          def self.included(base)
            base.class_eval do
              view 'app/views/layouts/nav/sidebar/_project.html.haml' do

--- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
+++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb
+# frozen_string_literal: true
+
+module QA
+  context 'Plan' do
+    describe 'check xss occurence in @mentions in issues' do
+      let(:issue_title) { 'issue title' }
+
+      it 'user mentions a user in comment' do
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+        Page::Main::Login.perform(&:sign_in_using_credentials)
+
+        user = Resource::User.fabricate! do |user|
+          user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
+          user.password = "test1234"
+        end
+
+        project = Resource::Project.fabricate! do |resource|
+          resource.name = 'xss-test-for-mentions-project'
+        end
+        project.visit!
+
+        Page::Project::Show.perform(&:go_to_members_settings)
+        Page::Project::Settings::Members.perform do |page|
+          page.add_member(user.username)
+        end
+
+        Resource::Issue.fabricate_via_browser_ui! do |issue|
+          issue.title = issue_title
+          issue.project = project
+        end
+
+        Page::Project::Issue::Show.perform do |show_page|
+          show_page.select_all_activities_filter
+          show_page.comment('cc-ing you here @eve')
+
+          expect do
+            expect(show_page).to have_content("cc-ing you here")
+          end.not_to raise_error # Selenium::WebDriver::Error::UnhandledAlertError
+        end
+      end
+    end
+  end
+end