SECURITY: XSS issue on Admin users list

2025-05-28 01:56:58 +08:00 · 2016-08-05 12:01:16 -04:00
parent 429f27ec96
commit 3d62e5dd98
8 changed files with 75 additions and 10 deletions
--- a/test/javascripts/acceptance/admin-users-list-test.js.es6
+++ b/test/javascripts/acceptance/admin-users-list-test.js.es6
@ -0,0 +1,11 @@
+import { acceptance } from "helpers/qunit-helpers";
+
+acceptance("Admin - Users List", { loggedIn: true });
+
+test("lists users", () => {
+  visit("/admin/users/list/active");
+  andThen(() => {
+    ok(exists('.users-list .user'));
+    ok(!exists('.user:eq(0) .email small'), 'escapes email');
+  });
+});