Commit c2d36027 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents 710599bd 53547792
...@@ -4,14 +4,24 @@ module QA ...@@ -4,14 +4,24 @@ module QA
context 'Plan' do context 'Plan' do
describe 'check xss occurence in @mentions in issues' do describe 'check xss occurence in @mentions in issues' do
before do before do
Runtime::Browser.visit(:gitlab, Page::Main::Login) QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
Page::Main::Login.perform(&:sign_in_using_credentials)
unless QA::Runtime::Env.personal_access_token
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform(&:sign_in_using_admin_credentials)
end
user = Resource::User.fabricate_via_api! do |user| user = Resource::User.fabricate_via_api! do |user|
user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;" user.name = "eve <img src=x onerror=alert(2)&lt;img src=x onerror=alert(1)&gt;"
user.password = "test1234" user.password = "test1234"
end end
QA::Runtime::Env.personal_access_token = nil
Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
Page::Main::Login.perform(&:sign_in_using_credentials)
project = Resource::Project.fabricate_via_api! do |resource| project = Resource::Project.fabricate_via_api! do |resource|
resource.name = 'xss-test-for-mentions-project' resource.name = 'xss-test-for-mentions-project'
end end
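Review bot: The reset `QA::Runtime::Env.personal_access_token = nil` that follows the `Resource::User.fabricate_via_api!` block is not inside an `ensure`, so if user fabrication raises, the shared token stays set to `admin_personal_access_token` and later API calls in the same run could go out with admin rights (this reads the right-hand column as the new side). Wrapping the fabrication as `begin` … `ensure QA::Runtime::Env.personal_access_token = nil` … `end` would close that window. The guard `unless QA::Runtime::Env.personal_access_token` runs immediately after the assignment, so it effectively tests whether an admin token is configured; `unless QA::Runtime::Env.admin_personal_access_token` would state that directly. Resetting to `nil` also discards whatever token was set before the block instead of restoring it, which may be intentional but deserves a one-line comment such as `# drop the admin token so the project is created as the regular test user`. The `before` block opens inside this hunk and continues past its end.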
......