From 1bff8d19299040f669ad8c3a03e19c6e4ccc36d8 Mon Sep 17 00:00:00 2001
From: Martin Renvoize
Date: Mon, 29 Apr 2019 13:30:09 +0100
Subject: [PATCH] Bug 22478: (QA follow-up) Update tests to check for any script tags
(cherry picked from commit 01dc3a2a8b079b80a5aeb09b6a4c14ca667226a2)
Signed-off-by: Lucas Gass
---
 t/db_dependent/selenium/regressions.t | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/t/db_dependent/selenium/regressions.t b/t/db_dependent/selenium/regressions.t
index d636a4bb67..656a155d53 100644
--- a/t/db_dependent/selenium/regressions.t
+++ b/t/db_dependent/selenium/regressions.t
@@ -168,7 +168,7 @@ subtest 'Display circulation table correctly' => sub {
 };
 subtest 'XSS vulnerabilities in pagination' => sub {
- plan tests => 3;
+ plan tests => 4;
 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
 for ( 1 .. 30 ) { # We want the pagination to be displayed
@@ -208,7 +208,8 @@ subtest 'XSS vulnerabilities in pagination' => sub {
 is( $alert_text, undef, 'No alert box displayed, even if evil intent' );
 my $second_page = $driver->find_element('//div[@class="pages"]/span[@class="currentPage"]/following-sibling::a');
- like( $second_page->get_attribute('href'), qr{category=1%22%3E%3Cscript%3Ealert%28%27booh%21%27%29%3C%2Fscript%3E}, 'The second patch should displayed the variables and attributes correctly URI escaped' );
+ unlike( $second_page->get_attribute('href'), qr{%22%3E%3Cscript%3Ealert%28%27booh%21%27%29%3C%2Fscript%3E}, 'The second page link should not contain any script tags (escaped or otherwise)' );
+ unlike( $second_page->get_attribute('href'), qr{"}, 'The second page link should not contain any script tags (escaped or otherwise)' );
 push @data_to_cleanup, $patron, $patron->category, $patron->library;
 };
--
2.39.5
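Review bot: Both new `unlike` assertions in the second hunk are narrower than the subject's "any script tags": the first rejects only the one exact encoded payload and the second only a literal `"`, so a raw or differently encoded `<script` in the link would still pass. A pattern such as `qr{(?:<|%3C)script}i` would pin the stated intent. The two assertions also share one description, so a failure in the TAP output does not say which check failed; the second could read `'The second page link should not contain a raw double quote'`. Because both checks are negative, they also pass when `href` is empty or the link has lost its paging parameters, so a positive assertion on the part of the link that must survive would keep the test from passing vacuously. The middle of the subtest lies outside the hunks, so how the payload is submitted is not visible here.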