From d9b3b90849fd95d296b73b330c4e32ff018c81a5 Mon Sep 17 00:00:00 2001
From: Martin Renvoize
Date: Mon, 29 Apr 2019 13:30:09 +0100
Subject: [PATCH] Bug 22478: (QA follow-up) Update tests to check for any script tags
Signed-off-by: Nick Clemens
---
 t/db_dependent/selenium/regressions.t | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/t/db_dependent/selenium/regressions.t b/t/db_dependent/selenium/regressions.t
index ac24963bde..88bfb1dbfc 100644
--- a/t/db_dependent/selenium/regressions.t
+++ b/t/db_dependent/selenium/regressions.t
@@ -188,7 +188,7 @@ subtest 'Display circulation table correctly' => sub {
 };
 subtest 'XSS vulnerabilities in pagination' => sub {
- plan tests => 3;
+ plan tests => 4;
 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
 for ( 1 .. 30 ) { # We want the pagination to be displayed
@@ -228,7 +228,8 @@ subtest 'XSS vulnerabilities in pagination' => sub {
 is( $alert_text, undef, 'No alert box displayed, even if evil intent' );
 my $second_page = $driver->find_element('//div[@class="pages"]/span[@class="currentPage"]/following-sibling::a');
- like( $second_page->get_attribute('href'), qr{category=1%22%3E%3Cscript%3Ealert%28%27booh%21%27%29%3C%2Fscript%3E}, 'The second patch should displayed the variables and attributes correctly URI escaped' );
+ unlike( $second_page->get_attribute('href'), qr{%22%3E%3Cscript%3Ealert%28%27booh%21%27%29%3C%2Fscript%3E}, 'The second page link should not contain any script tags (escaped or otherwise)' );
+ unlike( $second_page->get_attribute('href'), qr{"}, 'The second page link should not contain any script tags (escaped or otherwise)' );
 push @cleanup, $patron, $patron->category, $patron->library;
 };
--
2.39.2
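Review bot: The first new `unlike` near the end of the 'XSS vulnerabilities in pagination' subtest still matches only one exact upper-case percent-encoding of one payload, so it does not enforce what its description says ("any script tags (escaped or otherwise)"); a raw `<script` or a `%3cscript` variant in the href would pass. A pattern such as `qr{(?:<|%3C)script}i` would cover those forms. Both new assertions also share one description although the second checks for a double quote, which makes a failure ambiguous in the TAP output; a message like `'The second page link should not contain an unescaped double quote'` would tell them apart. Since both checks are negative, they presumably also pass when the href is empty or missing, so a positive assertion that the link still carries the expected page parameters would keep this regression test from passing vacuously (with `plan tests` adjusted to match). The subtest body starts before this hunk, so how the payload is submitted is not visible here.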