XWIKI-21173: Improve escaping in registration success message

* Use $xwiki.getUserName to link to the user profile. * Add an integration test to test proper escaping.
xwiki · Sep 6, 2023 · b290bfd · b290bfd
1 parent 356dfb4
commit b290bfd
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 13 deletions.
diff --git a/...m-administration-test-docker/src/test/it/org/xwiki/administration/test/ui/RegisterIT.java b/...m-administration-test-docker/src/test/it/org/xwiki/administration/test/ui/RegisterIT.java
@@ -19,22 +19,22 @@
  */
 package org.xwiki.administration.test.ui;
 
-import java.util.List;
 import java.util.stream.Stream;
 
 import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.openqa.selenium.By;
 import org.openqa.selenium.NoSuchElementException;
-import org.openqa.selenium.WebElement;
 import org.xwiki.administration.test.po.RegistrationModal;
 import org.xwiki.test.docker.junit5.UITest;
 import org.xwiki.test.ui.TestUtils;
 import org.xwiki.test.ui.po.AbstractRegistrationPage;
 import org.xwiki.test.ui.po.RegistrationPage;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
@@ -161,6 +161,22 @@ void registerInvalidEmail(boolean useLiveValidation, boolean isModal, TestUtils
         assertTrue(registrationPage.validationFailureMessagesInclude("Please enter a valid email address."));
     }
 
+    @Test
+    @Order(8)
+    void registerWikiSyntaxName(TestUtils testUtils) throws Exception
+    {
+        AbstractRegistrationPage registrationPage = setUp(testUtils, false, false);
+        String password = "SomePassword";
+        String firstName = "]]{{/html}}{{html clean=false}}HT&amp;ML";
+        String lastName = "]]{{/html}}";
+        String username = "WikiSyntaxName";
+        registrationPage.fillRegisterForm(firstName, lastName, username, password, password, "wiki@example.com");
+        assertTrue(validateAndRegister(testUtils, false, false, registrationPage));
+
+        assertEquals(String.format("%s %s (%s): Registration successful.", firstName, lastName, username),
+            ((RegistrationPage) registrationPage).getRegistrationSuccessMessage().orElseThrow());
+    }
+
     private AbstractRegistrationPage setUp(TestUtils testUtils, boolean useLiveValidation, boolean isModal)
         throws Exception
     {
@@ -236,7 +252,7 @@ private boolean tryToRegister(TestUtils testUtils, AbstractRegistrationPage regi
         if (isModal) {
             return administrationModalUserCreation(testUtils, registrationPage);
         } else {
-            return guestUserRegistration(testUtils, registrationPage);
+            return guestUserRegistration(registrationPage);
         }
     }
 
@@ -265,17 +281,11 @@ private boolean administrationModalUserCreation(TestUtils testUtils, AbstractReg
         }
     }
 
-    private boolean guestUserRegistration(TestUtils testUtils, AbstractRegistrationPage registrationPage)
+    private boolean guestUserRegistration(AbstractRegistrationPage registrationPage)
     {
         registrationPage.clickRegister();
 
-        List<WebElement> infos = testUtils.getDriver().findElements(By.className("infomessage"));
-        for (WebElement info : infos) {
-            if (info.getText().contains("Registration successful.")) {
-                return true;
-            }
-        }
-        return false;
+        return ((RegistrationPage) registrationPage).getRegistrationSuccessMessage().isPresent();
     }
 
     private void tryToLoginAsJohnSmith(TestUtils testUtils, AbstractRegistrationPage registrationPage)

diff --git a/...stration/xwiki-platform-administration-ui/src/main/resources/XWiki/RegistrationConfig.xml b/...stration/xwiki-platform-administration-ui/src/main/resources/XWiki/RegistrationConfig.xml
@@ -555,8 +555,9 @@
       <passwordRuleOneUpperCaseEnabled>0</passwordRuleOneUpperCaseEnabled>
     </property>
     <property>
-      <registrationSuccessMessage>#set($fullName = "$request.get('register_first_name') $request.get('register_last_name')")
-{{info}}$services.localization.render('core.register.successful', ["[[$fullName&gt;&gt;$userSpace$userName]]", $userName]){{/info}}</registrationSuccessMessage>
+      <registrationSuccessMessage>#set($message = $services.localization.render('core.register.successful', 'xwiki/2.1', ['USERLINK', $userName]))
+#set($userLink = $xwiki.getUserName("$userSpace$userName"))
+{{info}}$message.replace('USERLINK', "{{html clean=false}}$userLink{{/html}}"){{/info}}</registrationSuccessMessage>
     </property>
     <property>
       <requireCaptcha>0</requireCaptcha>

diff --git a/...form-test/xwiki-platform-test-ui/src/main/java/org/xwiki/test/ui/po/RegistrationPage.java b/...form-test/xwiki-platform-test-ui/src/main/java/org/xwiki/test/ui/po/RegistrationPage.java
@@ -19,6 +19,10 @@
  */
 package org.xwiki.test.ui.po;
 
+import java.util.List;
+import java.util.Optional;
+
+import org.openqa.selenium.By;
 import org.openqa.selenium.WebElement;
 import org.openqa.selenium.support.FindBy;
 
@@ -47,4 +51,23 @@ public void clickRegister()
     {
         this.submitButton.click();
     }
+
+    /**
+     * @since 14.10.17
+     * @since 15.5.3
+     * @since 15.8RC1
+     *
+     * @return the registration success message if present after submitting the registration form
+     */
+    public Optional<String> getRegistrationSuccessMessage()
+    {
+        List<WebElement> infos = getDriver().findElements(By.className("infomessage"));
+        for (WebElement info : infos) {
+            if (info.getText().contains("Registration successful.")) {
+                return Optional.of(info.getText());
+            }
+        }
+
+        return Optional.empty();
+    }
 }