
[JENKINS-42903] Add tests to reproduce JENKINS-42903: HTML texts are …

…not properly escaped

This results in HTML text always being escaped since Jenkins >= 2.32.2.
ikedam committed Aug 4, 2017
1 parent 4a44765 commit 141d90c373eccf9a8c3c497764407479f0e74bff
@@ -53,6 +53,12 @@
<version>1.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>antisamy-markup-formatter</artifactId>
<version>1.1</version>
<scope>test</scope>
</dependency>
</dependencies>

<build>
@@ -37,6 +37,7 @@
import hudson.EnvVars;
import hudson.Extension;
import hudson.Util;
import hudson.markup.RawHtmlMarkupFormatter;
import hudson.model.FreeStyleBuild;
import hudson.model.Descriptor;
import hudson.model.FreeStyleProject;
@@ -48,10 +49,12 @@
import net.sf.json.JSONObject;

import org.apache.commons.lang.StringUtils;
import org.junit.Assume;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule.WebClient;
import org.jvnet.hudson.test.CaptureEnvironmentBuilder;
import org.jvnet.hudson.test.Issue;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.StaplerRequest;

@@ -1141,4 +1144,43 @@ public void testDisableChoiceListIntegration() throws Exception
assertNotSame(MockChoiceListProvider.class, ((ExtensibleChoiceParameterDefinition)p.getProperty(ParametersDefinitionProperty.class).getParameterDefinition("Choice")).getChoiceListProvider().getClass());

}
}

@Issue("JENKINS-42903")
@Test
public void testSafeTitle() throws Exception {
FreeStyleProject p = j.createFreeStyleProject();
ExtensibleChoiceParameterDefinition def = new ExtensibleChoiceParameterDefinition(
"<span id=\"test-not-expected\">combinations</span>",
new MockChoiceListProvider(Arrays.asList("value1", "value2"), null),
false,
""
);
p.addProperty(new ParametersDefinitionProperty(def));

WebClient wc = j.createAllow405WebClient();
HtmlPage page = wc.getPage(p, "build");

assertNull(page.getElementById("test-not-expected"));
}

@Issue("JENKINS-42903")
@Test
public void testSafeDescription() throws Exception {
j.jenkins.setMarkupFormatter(new RawHtmlMarkupFormatter(false));

FreeStyleProject p = j.createFreeStyleProject();
ExtensibleChoiceParameterDefinition def = new ExtensibleChoiceParameterDefinition(
"Choice",
new MockChoiceListProvider(Arrays.asList("value1", "value2"), null),
false,
"<span id=\"test-expected\">blahblah</span>"
+ "<script id=\"test-not-expected\"></script>"
);
p.addProperty(new ParametersDefinitionProperty(def));

WebClient wc = j.createAllow405WebClient();
HtmlPage page = wc.getPage(p, "build");

assertNotNull(page.getElementById("test-expected"));
assertNull(page.getElementById("test-not-expected"));
}}
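Review bot: testSafeTitle has no positive control: its only assertion is `assertNull(page.getElementById("test-not-expected"))`, which also passes when the parameter is not rendered on the build page at all (the client from `createAllow405WebClient()` presumably accepts the 405 response, so an incomplete page would not fail the test by itself). Add a check that the name reached the page as text, for example `assertTrue(page.asText().contains("combinations"));`, so the test fails when the title is dropped rather than escaped. testSafeDescription already pairs `test-expected` with `test-not-expected`, but it exercises only a `<script>` element; a description with an event-handler attribute on an otherwise allowed tag would also pin the formatter's attribute filtering. The hunk starts inside the preceding test method, whose body is not visible here.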
