id: readonly_project_uuid
}, session_for(which_user)
buttons = css_select('[data-method=post]').select do |el|
- el.attributes['data-remote-href'].match /project.*owner_uuid.*#{readonly_project_uuid}/
+ el.attributes['data-remote-href'].value.match /project.*owner_uuid.*#{readonly_project_uuid}/
end
if should_show
assert_not_empty(buttons, "did not offer to create a subproject")
# An object which does not offer an expired_at field but has a xx_owner_uuid_name_unique constraint
# will be renamed when removed and another object with the same name exists in user's home project.
[
- ['groups', 'subproject_in_asubproject_with_same_name_as_one_in_active_user_home'],
['pipeline_templates', 'template_in_asubproject_with_same_name_as_one_in_active_user_home'],
].each do |dm, fixture|
test "removing #{dm} from a subproject results in renaming it when there is another such object with same name in home project" do
project = api_fixture('groups')['aproject']
use_token :active
found = Group.find(project['uuid'])
- found.description = 'Textile description with link to home page <a href="/">take me home</a>.'
+ found.description = '<b>Textile</b> description with link to home page <a href="/">take me home</a>.'
found.save!
get(:show, {id: project['uuid']}, session_for(:active))
- assert_includes @response.body, 'Textile description with link to home page <a href="/">take me home</a>.'
+ assert_includes @response.body, '<b>Textile</b> description with link to home page <a href="/">take me home</a>.'
+ end
+
+ test "find a project and edit description to unsafe html description" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+ found.description = 'Textile description with unsafe script tag <script language="javascript">alert("Hello there")</script>.'
+ found.save!
+ get(:show, {id: project['uuid']}, session_for(:active))
+ assert_includes @response.body, 'Textile description with unsafe script tag alert("Hello there").'
+ end
+
+ # Tests #14519
+ test "textile table on description renders as table html markup" do
+ use_token :active
+ project = api_fixture('groups')['aproject']
+ textile_table = <<EOT
+table(table table-striped table-condensed).
+|_. First Header |_. Second Header |
+|Content Cell |Content Cell |
+|Content Cell |Content Cell |
+EOT
+ found = Group.find(project['uuid'])
+ found.description = textile_table
+ found.save!
+ get(:show, {id: project['uuid']}, session_for(:active))
+ assert_includes @response.body, '<th>First Header'
+ assert_includes @response.body, '<td>Content Cell'
end
test "find a project and edit description to textile description with link to object" do
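Review bot: The new "edit description to unsafe html description" test asserts only that the stripped text is present, never that the markup is absent. A second, unsanitized rendering of the same description elsewhere in the response (for example in an edit-in-place or data attribute, which this hunk does not show) would still pass. Add a negative check right after the `assert_includes`, e.g. `refute_includes @response.body, '<script language="javascript">'`. The case also covers only a `<script>` element; if the sanitizer is an allow-list, a companion test with a disallowed attribute on an allowed tag, such as the `<a>` used in the test above, would pin that behaviour as well. The first edited test begins above this hunk, so its setup is not fully visible here.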
{
fixture: 'container_requests',
state: 'running',
- selectors: [['div.progress', true]]
+ selectors: [['.label-info', true, 'Running']]
},
{
fixture: 'pipeline_instances',
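Review bot: `.label-info` is a generic Bootstrap class, so on its own it is a much looser selector than the `div.progress` it replaces. The case stays meaningful only if the loop that consumes `selectors` actually matches the new third element `'Running'` against the element text, and that loop is not visible in this hunk. The entries are now positional triples with no description of the slots; a comment above the table such as `# selectors: [css_selector, should_be_present, expected_text (optional)]` would help, once that order is confirmed against the consuming code. The same change is made for `pipeline_in_running_state` in the next hunk, and the table itself starts outside this one.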
{
fixture: 'pipeline_instances',
state: 'pipeline_in_running_state',
- selectors: [['div.progress', true]]
+ selectors: [['.label-info', true, 'Running']]
},
].each do |c|
uuid = api_fixture(c[:fixture])[c[:state]]['uuid']