Author: sdumitriu
Date: 2010-05-05 19:38:38 +0200 (Wed, 05 May 2010)
New Revision: 28744
Added:
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/EscapeTest.java
Modified:
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/elements/FormPage.java
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/framework/TestUtils.java
Log:
XWIKI-5161: Using XML symbols (<, >, &, ") inside the document
title/name/space breaks various parts of the UI and causes the PDF export to throw
exceptions
Added test.
Hmm, shouldn't the test be more "functional"?
For example, if we test the create page use case using a page with a special char, we
could test this use case at the same time, no?
Thanks
-Vincent
Added:
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/EscapeTest.java
===================================================================
---
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/EscapeTest.java
(rev 0)
+++
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/EscapeTest.java 2010-05-05
17:38:38 UTC (rev 28744)
@@ -0,0 +1,46 @@
+/*
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.xwiki.it.ui;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.xwiki.it.ui.framework.AbstractAdminAuthenticatedTest;
+import org.xwiki.it.ui.framework.TestUtils;
+
+
+/**
+ * Test various character escaping bugs.
+ *
+ * @version $Id$
+ * @since 2.4M1
+ */
+public class EscapeTest extends AbstractAdminAuthenticatedTest {
+
+ @Test
+ public void testEditReflectedXSS()
+ {
+ // tests for XWIKI-4758, XML symbols should be escaped
+ String page = "<>'?&\"";
+ TestUtils.gotoPage("Main", TestUtils.escapeURL(page),
"edit", getDriver());
+ Assert.assertTrue(getDriver().getPageSource().indexOf(page) < 0);
+ }
+}
+
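Review bot: The assertion in testEditReflectedXSS (getPageSource().indexOf(page) < 0) only fails when the whole six-character value of page is reflected verbatim, so an edit page that escapes just one of those characters, or a response that never renders the name at all (an error or login page), still passes. Consider first asserting that the edit page actually loaded, then asserting that the escaped form of the name appears in the source, ideally with one case per special character so a single unescaped symbol is caught. Two smaller points: the comment cites XWIKI-4758 while the log message cites XWIKI-5161, so reference both or say how they relate; and junit.framework.Assert is the JUnit 3 class used next to the JUnit 4 org.junit.Test annotation, where org.junit.Assert would be consistent.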
Property changes on:
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/EscapeTest.java
___________________________________________________________________
Name: svn:keywords
+ Author Id Revision HeadURL
Name: svn:eol-style
+ native
Modified:
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/elements/FormPage.java
===================================================================
---
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/elements/FormPage.java 2010-05-05
16:17:06 UTC (rev 28743)
+++
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/elements/FormPage.java 2010-05-05
17:38:38 UTC (rev 28744)
@@ -31,7 +31,7 @@
/**
* Represents a Form.
*
- * @version $Id:$
+ * @version $Id$
* @since 2.4M1
*/
public class FormPage extends BasePage
Modified:
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/framework/TestUtils.java
===================================================================
---
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/framework/TestUtils.java 2010-05-05
16:17:06 UTC (rev 28743)
+++
enterprise/trunk/distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/framework/TestUtils.java 2010-05-05
17:38:38 UTC (rev 28744)
@@ -41,7 +41,7 @@
public static void gotoPage(String space, String page, String action, WebDriver
driver)
{
- gotoPage(space, page, "view", null, driver);
+ gotoPage(space, page, action, null, driver);
}
public static void gotoPage(String space, String page, String action, String
queryString, WebDriver driver)
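Review bot: Replacing the hard-coded "view" with action in the four-argument gotoPage changes behaviour for every existing caller that passed an action other than "view" and was silently sent to view mode, so those callers should be checked as part of this change. The log message says only "Added test."; it should also mention this helper fix, since the new EscapeTest relies on it to reach the "edit" action at all.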