Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-07 03:12:22 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-07 03:12:22 +0000
commit: 6a5b78ac6945c0b0cd42293f11c94c2b3750fddc (patch)
tree: 766f1d511d9737437d9f7e2b24f41c6887bf2229 /spec/features/projects/blobs/blob_show_spec.rb
parent: ec6dd14345a117d1ff4db3b0b19a1c0fa4c7e61b (diff)
download: gitlab-ce-6a5b78ac6945c0b0cd42293f11c94c2b3750fddc.tar.gz
1 files changed, 49 insertions, 2 deletions
diff --git a/spec/features/projects/blobs/blob_show_spec.rb b/spec/features/projects/blobs/blob_show_spec.rb
index 8281e82959b..9d05c985af1 100644
--- a/spec/features/projects/blobs/blob_show_spec.rb
+++ b/spec/features/projects/blobs/blob_show_spec.rb
@@ -7,8 +7,8 @@ RSpec.describe 'File blob', :js do
 
   let(:project) { create(:project, :public, :repository) }
 
-  def visit_blob(path, anchor: nil, ref: 'master')
-    visit project_blob_path(project, File.join(ref, path), anchor: anchor)
+  def visit_blob(path, anchor: nil, ref: 'master', **additional_args)
+    visit project_blob_path(project, File.join(ref, path), anchor: anchor, **additional_args)
 
     wait_for_requests
   end
@@ -1501,6 +1501,53 @@ RSpec.describe 'File blob', :js do
           end
         end
       end
+
+      context 'openapi.yml' do
+        before do
+          file_name = 'openapi.yml'
+
+          create_file(file_name, '
+              swagger: \'2.0\'
+              info:
+                title: Classic API Resource Documentation
+                description: |
+                        <div class="foo-bar" style="background-color: red;" data-foo-bar="baz">
+                          <h1>Swagger API documentation</h1>
+                        </div>
+                version: production
+              basePath: /JSSResource/
+              produces:
+                - application/xml
+                - application/json
+              consumes:
+                - application/xml
+                - application/json
+              security:
+                - basicAuth: []
+              paths:
+                /accounts:
+                  get:
+                    responses:
+                      \'200\':
+                        description: No response was specified
+                    tags:
+                      - accounts
+                    operationId: findAccounts
+                    summary: Finds all accounts
+            ')
+          visit_blob(file_name, useUnsafeMarkdown: '1')
+          click_button('Display rendered file')
+
+          wait_for_requests
+        end
+
+        it 'removes `style`, `class`, and `data-*`` attributes from HTML' do
+          expect(page).to have_css('h1', text: 'Swagger API documentation')
+          expect(page).not_to have_css('.foo-bar')
+          expect(page).not_to have_css('[style="background-color: red;"]')
+          expect(page).not_to have_css('[data-foo-bar="baz"]')
+        end
+      end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-07 03:12:22 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-07 03:12:22 +0000
commit	6a5b78ac6945c0b0cd42293f11c94c2b3750fddc (patch)
tree	766f1d511d9737437d9f7e2b24f41c6887bf2229 /spec/features/projects/blobs/blob_show_spec.rb
parent	ec6dd14345a117d1ff4db3b0b19a1c0fa4c7e61b (diff)
download	gitlab-ce-6a5b78ac6945c0b0cd42293f11c94c2b3750fddc.tar.gz