Index: distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/SecurityTest.java
===================================================================
--- distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/SecurityTest.java	(revision 0)
+++ distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/SecurityTest.java	(revision 0)
@@ -0,0 +1,58 @@
+/*
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.xwiki.it.ui;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.openqa.selenium.By;
+import org.xwiki.it.ui.framework.AbstractAdminAuthenticatedTest;
+import org.xwiki.it.ui.framework.TestUtils;
+
+
+/**
+ * Test various security bugs.
+ * 
+ * @version $Id$
+ * @since 2.4M1
+ */
+public class SecurityTest extends AbstractAdminAuthenticatedTest {
+
+    @Test
+    public void testEditReflectedXSS()
+    {
+    	// tests for XWIKI-4758, injected scripts removes "xwikimaincontainer"
+    	String script = "\"><script>document.getElementById(\"body\")"
+    		+ ".removeChild(document.getElementById(\"xwikimaincontainer\"))</script>";
+    	TestUtils.gotoPage("Main", TestUtils.escapeURL(script), "edit", getDriver());
+        Assert.assertTrue(isMainContainerPresent());
+    }
+
+    /**
+     * Check if the "xwikimaincontainer" (top-most div) is still present.
+     * 
+     * @return
+     */
+    private boolean isMainContainerPresent()
+    {
+    	return !getDriver().findElements(By.id("xwikimaincontainer")).isEmpty();
+    }
+}
+
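Review bot: The assertion in `testEditReflectedXSS` only proves that this one payload failed to delete `xwikimaincontainer`, so the test can pass while the page name is still reflected unescaped. If the reflection point is parsed before the main container exists, or no element has the id `body`, the injected script throws and the container survives; this is inferred, since the edit template is not part of this diff. A stronger regression check for XWIKI-4758 asserts on the escaping itself, for example by adding `Assert.assertFalse(getDriver().getPageSource().contains("<script>document.getElementById"));` next to the existing check. The `@return` tag on `isMainContainerPresent` is also empty; `@return true if an element with id "xwikimaincontainer" exists in the current page` would complete it.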

Property changes on: distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/SecurityTest.java
___________________________________________________________________
Added: svn:keywords
   + Author Id Revision HeadURL
Added: svn:eol-style
   + native

Index: distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/framework/TestUtils.java
===================================================================
--- distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/framework/TestUtils.java	(revision 28697)
+++ distribution-test/ui-tests/src/test/it/org/xwiki/it/ui/framework/TestUtils.java	(working copy)
@@ -41,7 +41,7 @@
 
     public static void gotoPage(String space, String page, String action, WebDriver driver)
     {
-        gotoPage(space, page, "view", null, driver);
+        gotoPage(space, page, action, null, driver);
     }
 
     public static void gotoPage(String space, String page, String action, String queryString, WebDriver driver)
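Review bot: The four-argument `gotoPage` overload has no Javadoc, and this fix changes where it navigates for every existing caller that passed an action other than "view", because the argument was previously ignored. Those callers are outside the hunk and should be checked, since a test that passed while silently loading the view action may now exercise a different page. A short comment on the overload would make the contract explicit, e.g. `/** Opens the given page with the given action (such as "view" or "edit") and no query string. */`.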
