From bbfade972865e78e4d865af2cdb93e6cb57d5a45 Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Fri, 19 Mar 2021 04:24:31 +0000
Subject: Fix that inline issue auto complete does not sanitize HTML tags
 (#33846).

Patch by Marius BALTEANU.


git-svn-id: http://svn.redmine.org/redmine/trunk@20827 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/system/inline_autocomplete_test.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'test')

diff --git a/test/system/inline_autocomplete_test.rb b/test/system/inline_autocomplete_test.rb
index f3c7daef6..b2f943d05 100644
--- a/test/system/inline_autocomplete_test.rb
+++ b/test/system/inline_autocomplete_test.rb
@@ -151,4 +151,17 @@ class InlineAutocompleteSystemTest < ApplicationSystemTestCase
     end
     assert_equal '[[Page_with_sections]] ', find('#issue_description').value
   end
+
+  def test_inline_autocomplete_for_issues_should_escape_html_elements
+    issue = Issue.generate!(subject: 'This issue has a <select> element', project_id: 1, tracker_id: 1)
+
+    log_user('jsmith', 'jsmith')
+    visit 'projects/1/issues/new'
+
+    fill_in 'Description', :with => '#This'
+
+    within('.tribute-container') do
+      assert page.has_text? "Bug ##{issue.id}: This issue has a <select> element"
+    end
+  end
 end
-- 
cgit v1.2.3